libhttp-daemon-perl_6.17-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed May 27 19:08:18 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 May 2026 19:23:34 +0200
Source: libhttp-daemon-perl
Architecture: source
Version: 6.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Changed-By: gregor herrmann <gregoa at debian.org>
Closes: 1138050
Changes:
libhttp-daemon-perl (6.17-1) unstable; urgency=medium
.
* Import upstream version 6.17.
- Fix CVE-2026-8450: 2-arg open() in send_file() enabled RCE / arbitrary
file write / response-body exfiltration when a string argument was
derived from attacker-influenced input. send_file() now uses 3-arg
open() with an explicit '<' read mode, so the path is always treated as a
literal filename and 2-arg open() shell-magic shapes ('| cmd', 'cmd |',
'> path', etc.) are no longer interpreted.
Closes: #1138050
* Update years of upstream copyright.
* Update Upstream-Contact in debian/copyright.
* Declare compliance with Debian Policy 4.7.4.
* Remove «Rules-Requires-Root: no», which is the current default.
* Remove «Priority: optional», which is the current default.
Checksums-Sha1:
c8bd772d05d70f4ecc85d3340534d389eb0c61eb 2676 libhttp-daemon-perl_6.17-1.dsc
f3acef84c37f0f22de951f425dc034c96c2c8446 48657 libhttp-daemon-perl_6.17.orig.tar.gz
250b4e6451725976be3ffc002b3ed21baaccb06b 3692 libhttp-daemon-perl_6.17-1.debian.tar.xz
Checksums-Sha256:
141f1dbc3bfb89a26f613c28de97765785a92c486dc904b3a2c8c56e1278ff13 2676 libhttp-daemon-perl_6.17-1.dsc
16281580c40e23108d028434698b5d7d53637bf904c9df822481e253cbec920c 48657 libhttp-daemon-perl_6.17.orig.tar.gz
b8ab423f4ab3efe68770a162ac45e668ed00e62f9d3debb0b8a4d6822a1e5520 3692 libhttp-daemon-perl_6.17-1.debian.tar.xz
Files:
ef8e7757201df0982ad5acae38cc29e0 2676 perl optional libhttp-daemon-perl_6.17-1.dsc
14f98fd61159ec4740a21781b787944e 48657 perl optional libhttp-daemon-perl_6.17.orig.tar.gz
5a5598dd80328c932df8d93ecd1cce56 3692 perl optional libhttp-daemon-perl_6.17-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmoXKPdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaE3BAAiTL23+QmMYyA85AifpBMYwBOxT/FYfXbj9FUHfzFdJsYXN6YkyhQwbww
rAPnZyjcycu5IRSqlEW01r1LSEke5lXcw/fHuaOQ2AwIspPH+pOQ+k3m8/e6l6d6
fiiM/CRdYAImbGsDyVfXp3GS0bvwwR/9Ovr4w7ld5V/TsmklMDrmK/MrjLRakiRm
oB909M2aogUHboPLlxlPlElDHv6F9Q8ncppvxW0Avtor9IBbBPTbqS+rwlSaZjmU
aVN0sEOXZt24ISFiauKJYFxRvodBEm1KRPTRUyb142E9xrIlXXV+h3lFvg6sr+Du
WowWIpIoybaQ8X7fsrWXwGqadOoAhD4So6jEwCG/ZXtnthK8WlVbF3eU3Feug2VO
kDFTTSwv3/aLLPo8Rga9aX0nUHD/gKNt9ndio4S4IwZWobJ9jfbpoh4nqxbgarPH
hFvVs+cbGtdd7POan6WZ9/7D3+JiRGD3Y5T4XwsYAG6criLLroKkjxWzdELFjstb
6NqAoYuf8H/CyMgCpB6Q6yFcSFXvm331ZESl00YIAsjPVQ0Ke6y1h2/8MCuoh5Vu
qN7yiJj+xRyisBRCNmVnd/D15i/EulUwWZtM7xWl0eqqenYp6x5RoTaEQKwhLroC
J28JUbDd0yF6Bf6oZwqnZsoY9I/jbRF4q8L8pD1PztF4C6FlETA=
=zKc7
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20260527/f6bde032/attachment.sig>
More information about the pkg-perl-maintainers
mailing list