libcrypt-pbkdf2-perl_0.261630-1~deb13u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jun 13 16:18:36 BST 2026
Thank you for your contribution to Debian.
Mapping trixie to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jun 2026 09:43:05 +0200
Source: libcrypt-pbkdf2-perl
Architecture: source
Version: 0.261630-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 1139867
Changes:
libcrypt-pbkdf2-perl (0.261630-1~deb13u1) trixie; urgency=medium
.
* Rebuild for trixie
* Revert "Annotate test-only build dependencies with <!nocheck>."
* Revert "Remove «Priority: optional», which is the current default."
* Revert "Declare compliance with Debian Policy 4.7.4."
.
libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 0.261630.
- Change the default hash algorithm to HMAC-SHA256, and increase the
default number of iterations to 600,000 (CVE-2026-9641).
- Generate salts using Crypt::URandom instead of perl's builtin `rand()`
(CVE-2026-9638).
- Use a constant-time comparison in `validate` to avoid timing attacks
(CVE-2017-20240).
Closes: #1139867
* Update debian/upstream/metadata.
* Update years of upstream copyright.
* debian/control: update build/test/runtime dependencies.
* Declare compliance with Debian Policy 4.7.4.
* Remove «Priority: optional», which is the current default.
* Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1:
5b50379b2f028d5e416f6f080798812216fb33f6 2613 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
9b3f328827bffb17edc8bcf43f644df6f6d19745 3116 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz
Checksums-Sha256:
aee6fab44d722ca1601e7e21df574b9096c09b8508bf07e0b55e062abb237767 2613 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
e3425465e0c9d6ac561ca4c44e450787eb29000931cd036b41f6c5933ef4612c 3116 libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz
Files:
29bf7bc46cbac52ece4eeeea1e0d4ab0 2613 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1.dsc
2a7fbc30855fa0364e3be6ad300b0dcd 3116 perl optional libcrypt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmotcOJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EmrYP/2KU1hhHpWXvBAfA363MHFipP+UGeNed
DcYUmGT5xjiEebiqFCFDTWDqjKB9wYNziD3xwlaq5HQ2Eg4WhFirUDvMqvwR1Bwu
7DTMNlCiLaPa/NjlNOTUU3kCUvfZA/TRywhffl0OB9DR9eGPWFtmldjkCObNAJMg
rTWqM5qJYGbmvkgApDqoOkuk6nTrZKlXQGRwaJzmIKFo2XelAXQ/ZGhq80mVnpH8
kTrRibYLJa58wwsuzvvCLh3uwYKuG4MXmpfKpwURl8KYgK8rbsgC0CLEAIe2e3OD
gEoSxMY32/3GV44Zm/bEssyZV+Xo+uwDW2GUwVN+EUhJSmtpLJBE5wo17WY5UE4S
M+otMaMFffkfrfT+fLTwYl4CrAgy+jbovdAhFd+lJD+s/KgxjPusMsOrU9EwIHgT
EB8/op2irw+enCCewBt6RYp5FfOxjjlQ2uC3/VvvPTL7mQYRqUu/Zhnl43gVk212
ga3TaPNdUxoB0cXLweOkAaE7myxkD36JOvHU/4lvZHmH4oL7uSR7KsPskTBJCwsw
cZMDiWx8aNtfr/JZ6/OOZRpbszNcwVyv4x4578asvVD7Fs6QXcYddILOGF5SrkfQ
AlTZrKbwPDFVghP5nXfP3VBNneV7aS+7bjWbUhlfltauu5umcAMkSO/VC8bLScZO
4qq1e+izYr8B
=bCj/
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20260613/788070d2/attachment.sig>
More information about the pkg-perl-maintainers
mailing list