libcrypt-pbkdf2-perl_0.261630-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Jun 12 23:18:40 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jun 2026 00:01:11 +0200
Source: libcrypt-pbkdf2-perl
Architecture: source
Version: 0.261630-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Changed-By: gregor herrmann <gregoa at debian.org>
Closes: 1139867
Changes:
libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 0.261630.
- Change the default hash algorithm to HMAC-SHA256, and increase the
default number of iterations to 600,000 (CVE-2026-9641).
- Generate salts using Crypt::URandom instead of perl's builtin `rand()`
(CVE-2026-9638).
- Use a constant-time comparison in `validate` to avoid timing attacks
(CVE-2017-20240).
Closes: #1139867
* Update debian/upstream/metadata.
* Update years of upstream copyright.
* debian/control: update build/test/runtime dependencies.
* Declare compliance with Debian Policy 4.7.4.
* Remove «Priority: optional», which is the current default.
* Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1:
ab207064965b55696295f18d043e8f0df5758ea9 2794 libcrypt-pbkdf2-perl_0.261630-1.dsc
699cfaeb3ea8e679a514bf400703b31d68af4f42 17986 libcrypt-pbkdf2-perl_0.261630.orig.tar.gz
70d8b5c5575c22687f1d3f078a3810c52db91d85 3096 libcrypt-pbkdf2-perl_0.261630-1.debian.tar.xz
Checksums-Sha256:
735c6f21b25c34ef047c02a15e0605c26ef0b54bf3a7d5ffa21b5b29a2e06fff 2794 libcrypt-pbkdf2-perl_0.261630-1.dsc
18757189638932b309b34c45bb810aa3e4856e3ed580100017dade65793f46c0 17986 libcrypt-pbkdf2-perl_0.261630.orig.tar.gz
e3838a0a70d2ff721b3a9edf0dd51be45ec685bc00a7f731ebb0b957a3e806ee 3096 libcrypt-pbkdf2-perl_0.261630-1.debian.tar.xz
Files:
1dbb462b47c2b89694b6844733994aac 2794 perl optional libcrypt-pbkdf2-perl_0.261630-1.dsc
7ecd1f4830904a0e9c0a2eea79ca74a5 17986 perl optional libcrypt-pbkdf2-perl_0.261630.orig.tar.gz
26dafb754eb13af02020e2c93580b358 3096 perl optional libcrypt-pbkdf2-perl_0.261630-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmosgqBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaM/Q/+OeOQYulKVaWEUoKwxb7Db4lUWMNoiok3gCXJ1d7YTfFsSoQ7ZyyZM7Q/
/ZWmnEUOjkrhR0aSB8RAGVtSXe4d6ts7Rd6uwymzPFbd22ZvKTCHNO7e3FMNkGbq
MSfOemOvXI46AnapW1UnNjibh7Hy7vrGC4PWIkm5BeA+xVJbkFtrpKcLATeoxVvu
lSfg+qOj+EW++KrIa1i4B3hop8kqO3OInzYDDybg0z52pPJ84RtmVyCS09Y5pOQ9
wslNxwhhfUf0ZTAd5pHztEHcxcJRfxZUhRkMxX70KfHGufslh4OnRaXhmnxqe3CH
kkLeUMx/PGlvIIiYfWitAjKQQXjGcJPs8Gh1a5hFIbYDvMcwsBThbSjqOwUIXben
cOIAjZ7Xm/tGx4dsVAmmCsGjuet0VpWYtNftNlzC8YZ+2uwh5hZAgOgEb5MbdP7g
247V3Ynl0PLof89bi2CRJfvUZtOrWwVKIMtTIbQB058HDJ3zAnrKV6cW2MtMwUE3
St2s1pmDigibfJXveKJ/9/dEYKGZ2WRbf/I6HFN+X2cvTeYxMD4COG8M3vskDBzU
3RmKValJbXCkpZOi9QskMmI2eiNKuphGYXDOV/ipYeOUVabXrpj29fDBSvFXE/gZ
o+ONe1LIjCZdTbEhrlhIzkhnNv6QTrjdvz9vtH6wG4j/PyCnKKw=
=n8WO
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20260612/98b21fec/attachment.sig>
More information about the pkg-perl-maintainers
mailing list