libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1_sourceonly.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jun 13 16:18:31 BST 2026
Thank you for your contribution to Debian.
Mapping bookworm to oldstable.
Mapping oldstable to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jun 2026 11:44:25 +0200
Source: libcrypt-pbkdf2-perl
Architecture: source
Version: 0.261630-1~deb13u1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 1139867
Changes:
libcrypt-pbkdf2-perl (0.261630-1~deb13u1~deb12u1) bookworm; urgency=medium
.
* Rebuild for bookworm
.
libcrypt-pbkdf2-perl (0.261630-1~deb13u1) trixie; urgency=medium
.
* Rebuild for trixie
* Revert "Annotate test-only build dependencies with <!nocheck>."
* Revert "Remove «Priority: optional», which is the current default."
* Revert "Declare compliance with Debian Policy 4.7.4."
.
libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 0.261630.
- Change the default hash algorithm to HMAC-SHA256, and increase the
default number of iterations to 600,000 (CVE-2026-9641).
- Generate salts using Crypt::URandom instead of perl's builtin `rand()`
(CVE-2026-9638).
- Use a constant-time comparison in `validate` to avoid timing attacks
(CVE-2017-20240).
Closes: #1139867
* Update debian/upstream/metadata.
* Update years of upstream copyright.
* debian/control: update build/test/runtime dependencies.
* Declare compliance with Debian Policy 4.7.4.
* Remove «Priority: optional», which is the current default.
* Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1:
fad42c21848cc5c2db12b9f445145feab64569ca 2645 libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.dsc
e13f51e8c7c4207f3a3388037bdd7220ab43a3da 3144 libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.debian.tar.xz
Checksums-Sha256:
f4ec042834364d8d21b4911418f87481ff74f3929f34d2ddceef6ba163e92738 2645 libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.dsc
e0d246652b45fc2df5bd53dccfadb98ec112ebb3f9c1c3e4fa54625d5296e1b3 3144 libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.debian.tar.xz
Files:
49b0155894f7edc8c75392c4359dd265 2645 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.dsc
a521da6cfd7fdb61d3c5b9f69d9fc6f9 3144 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmotcRdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8YYP/jef3lpIjhs7Z9LpitYZzV0vBzo5FmkC
9WP0vvfkp8qSg0AIRF+UVYXFZU8YIwVqcwkUKwV+DftEoqh+qyPgUxudnTnc0Tzq
+jSxPf8NjhUoti6Gc/CPhnnNSycz2qy7ntUE967Gwew4llsoIz0yhhFHdbEXushk
wohlzqOUU+3T2GfXFvQd9KAeUTb73W3VppMdLiXkDP+BrKitftPp5Kg4WSS0zN4k
hzkbfZiwusdBdeUoFxu0pqUMvJJIz3bWEi0ntQn24OxXhECJcDRrVjMs8zmGAWyG
9P4OjAS3o6NWv/0zZpjGixB6abnn5fEO5rCHZ+64HISYhUhph/84yoKrNu2+IoPu
jvcrepGi8x0FeFUSoilg+VE5afSPDnQYZwYcvDT3JK402LuoWqxiYcuIx//3lJs8
FctWkOOqPM3kmJo1aexWFdH7hfDGOROtx1w4IL/MVN7j6cRVI/Rsj1An3DY4/Cwf
WGg2IYj/fiVUAb2tEi76SeJp9vTOhXx5O+qpc0xs45oFc2yQOeukezT1zkfy/1S8
X3/aShy+JSZHpKAiTF/TX1YjLszwqjkV6t0YxQPIQAA0c3UR1T3jDX6xGaXCCq5L
LIJMLZKWuuwRWKNFBy9i18V6skEwGJM2ZJzyd3eBvl3W8WTHzbmfp75Yo+Uu1gH8
SGAeUig0hzq1
=KBUR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20260613/76e333d4/attachment.sig>
More information about the pkg-perl-maintainers
mailing list