Debian Bug report logs - #661548
libyaml-libyaml-perl: CVE-2012-1152: Format string vulnerabilities in YAML parsing

version graph

Package: src:libyaml-libyaml-perl; Maintainer for src:libyaml-libyaml-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>;

Reported by: Dominic Hargreaves <dom@earth.li>

Date: Mon, 27 Feb 2012 21:45:43 UTC

Severity: grave

Tags: security

Found in versions libyaml-libyaml-perl/0.33-1, libyaml-libyaml-perl/0.38-1

Fixed in versions libyaml-libyaml-perl/0.38-2, libyaml-libyaml-perl/0.33-1+squeeze1

Done: Niko Tyni <ntyni@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://rt.cpan.org/Public/Bug/Display.html?id=75365

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Mon, 27 Feb 2012 21:45:47 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
New Bug report received and forwarded. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Mon, 27 Feb 2012 21:45:47 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: submit@bugs.debian.org
Subject: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Mon, 27 Feb 2012 21:44:42 +0000
Source: libyaml-libyaml-perl
Severity: normal
Version: 0.38-1
User: debian-qa@lists.debian.org
Usertags: hardening-format-security hardening

With hardening flags enabled, this package FTBFS:

perl_libyaml.c: In function 'Load':
perl_libyaml.c:191:5: error: format not a string literal and no format arguments [-Werror=format-security]
perl_libyaml.c: In function 'load_node':
perl_libyaml.c:274:9: error: format not a string literal and no format arguments [-Werror=format-security]
perl_libyaml.c: In function 'load_mapping':
perl_libyaml.c:318:9: error: format not a string literal and no format arguments [-Werror=format-security]
perl_libyaml.c: In function 'load_sequence':
perl_libyaml.c:351:9: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

(this is the first error of this type seen: it's possible that there
could be others once this is fixed).

A likely fix is to change croak(var) to croak("%s", var)[1], or similar.

Note that I haven't verified whether an externally-controlled string is
used; if so, it would be appropriate to upgrade this bug RC severity
with the security tag[2].

This was found during testing of perl 5.14.2-8 in experimental; however,
since that version was prepared, it has been decided not to export
those build flags in Config_heay.pl. Nevertheless, it is likely that at
some point, either in debhelper 9 or 10, the hardening flags will be
enabled for all perl modules.

Thanks,
Dominic.

[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#92>
[2] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#117>

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Set Bug forwarded-to-address to 'https://rt.cpan.org/Public/Bug/Display.html?id=75365'. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Thu, 08 Mar 2012 17:45:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Fri, 09 Mar 2012 06:12:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Fri, 09 Mar 2012 06:12:07 GMT) Full text and rfc822 format available.

Message #12 received at 661548@bugs.debian.org (full text, mbox):

From: Niko Tyni <ntyni@debian.org>
To: Dominic Hargreaves <dom@earth.li>, 661548@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Fri, 9 Mar 2012 08:09:54 +0200
severity 661548 grave
tag 661548 security
found 661548 0.33-1
thanks

On Mon, Feb 27, 2012 at 09:44:42PM +0000, Dominic Hargreaves wrote:
> Source: libyaml-libyaml-perl
> Severity: normal
> Version: 0.38-1
> User: debian-qa@lists.debian.org
> Usertags: hardening-format-security hardening
> 
> With hardening flags enabled, this package FTBFS:
> 
> perl_libyaml.c: In function 'Load':
> perl_libyaml.c:191:5: error: format not a string literal and no format arguments [-Werror=format-security]
> perl_libyaml.c: In function 'load_node':
> perl_libyaml.c:274:9: error: format not a string literal and no format arguments [-Werror=format-security]
> perl_libyaml.c: In function 'load_mapping':
> perl_libyaml.c:318:9: error: format not a string literal and no format arguments [-Werror=format-security]
> perl_libyaml.c: In function 'load_sequence':
> perl_libyaml.c:351:9: error: format not a string literal and no format arguments [-Werror=format-security]

These format strings can be injected from user input,
so raising the severity. A DSA will be issued for squeeze.

I've just notified upstream via the RT tickets below. Could somebody from
the pkg-perl team please prepare updated packages (built with -sa for
stable-security as this is new there)?  Trivial patches can be found in

 https://rt.cpan.org/Public/Bug/Display.html?id=75365
 https://rt.cpan.org/Public/Bug/Display.html?id=46507

-- 
Niko Tyni   ntyni@debian.org




Severity set to 'grave' from 'normal' Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Fri, 09 Mar 2012 06:12:09 GMT) Full text and rfc822 format available.

Added tag(s) security. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Fri, 09 Mar 2012 06:12:09 GMT) Full text and rfc822 format available.

Bug Marked as found in versions libyaml-libyaml-perl/0.33-1. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Fri, 09 Mar 2012 06:12:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Sat, 10 Mar 2012 07:09:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sat, 10 Mar 2012 07:09:06 GMT) Full text and rfc822 format available.

Message #23 received at 661548@bugs.debian.org (full text, mbox):

From: Niko Tyni <ntyni@debian.org>
To: Dominic Hargreaves <dom@earth.li>, 661548@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Sat, 10 Mar 2012 09:06:16 +0200
retitle 661548 libyaml-libyaml-perl: CVE-2012-1152: Format string vulnerabilities in YAML parsing
thanks

On Fri, Mar 09, 2012 at 08:09:54AM +0200, Niko Tyni wrote:
> severity 661548 grave
> tag 661548 security
> found 661548 0.33-1
> thanks
> 
> On Mon, Feb 27, 2012 at 09:44:42PM +0000, Dominic Hargreaves wrote:
> > Source: libyaml-libyaml-perl
> > Severity: normal
> > Version: 0.38-1
> > User: debian-qa@lists.debian.org
> > Usertags: hardening-format-security hardening
> > 
> > With hardening flags enabled, this package FTBFS:

> These format strings can be injected from user input,
> so raising the severity. A DSA will be issued for squeeze.

This is CVE-2012-1152.

http://seclists.org/oss-sec/2012/q1/609
-- 
Niko Tyni   ntyni@debian.org




Changed Bug title to 'libyaml-libyaml-perl: CVE-2012-1152: Format string vulnerabilities in YAML parsing' from 'libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security' Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sat, 10 Mar 2012 07:09:07 GMT) Full text and rfc822 format available.

Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Sat, 10 Mar 2012 07:21:04 GMT) Full text and rfc822 format available.

Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (Sat, 10 Mar 2012 07:21:04 GMT) Full text and rfc822 format available.

Message #30 received at 661548-close@bugs.debian.org (full text, mbox):

From: Niko Tyni <ntyni@debian.org>
To: 661548-close@bugs.debian.org
Subject: Bug#661548: fixed in libyaml-libyaml-perl 0.38-2
Date: Sat, 10 Mar 2012 07:17:40 +0000
Source: libyaml-libyaml-perl
Source-Version: 0.38-2

We believe that the bug you reported is fixed in the latest version of
libyaml-libyaml-perl, which is due to be installed in the Debian FTP archive:

libyaml-libyaml-perl_0.38-2.debian.tar.gz
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.38-2.debian.tar.gz
libyaml-libyaml-perl_0.38-2.dsc
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.38-2.dsc
libyaml-libyaml-perl_0.38-2_amd64.deb
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.38-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661548@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated libyaml-libyaml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 10 Mar 2012 08:57:07 +0200
Source: libyaml-libyaml-perl
Binary: libyaml-libyaml-perl
Architecture: source amd64
Version: 0.38-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Description: 
 libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation
Closes: 661548
Changes: 
 libyaml-libyaml-perl (0.38-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Julián Moreno Patiño ]
   * Enable hardening flags. (Closes: #661548)
     + Switch compat level 8 to 9.
     + Add fix_ftbfs_hardening_flags.diff patch.
     + Bump debhelper version to 9.
   * Bump Standards-Version to 3.9.3.
     + Update to DEP5 copyright-format 1.0.
       + Add /me to debian copyright.
 .
   [ Niko Tyni ]
   * Note that this fixes CVE-2012-1152.
   * Upload at urgency=medium
Checksums-Sha1: 
 856902f28f457b3e8db322ddf039d8551501f82e 1544 libyaml-libyaml-perl_0.38-2.dsc
 5bec76bbfd12da7b5a031cac230d12b47c6a57a2 3108 libyaml-libyaml-perl_0.38-2.debian.tar.gz
 2bfdaf698647ce9694841ac1fc6188288146a51a 77662 libyaml-libyaml-perl_0.38-2_amd64.deb
Checksums-Sha256: 
 52e2091bdc8fecf957b866a6a704cba727ac5cc9b20ac546a1cd51e57feec81e 1544 libyaml-libyaml-perl_0.38-2.dsc
 019baeaf589a3f6e2c6818a2c35c8d0dae7345963dc92786700abad0eb686468 3108 libyaml-libyaml-perl_0.38-2.debian.tar.gz
 5f3c078619fc4d4124560e6f436878b5803ddb26fa90c54ae1186bdfc83f21cb 77662 libyaml-libyaml-perl_0.38-2_amd64.deb
Files: 
 8a7c9f34cf8b106dd59d69104c8412c9 1544 perl optional libyaml-libyaml-perl_0.38-2.dsc
 1ec8dad95a5650091c6f91e3aaefc6f3 3108 perl optional libyaml-libyaml-perl_0.38-2.debian.tar.gz
 5f9e74d1f3ff8fee9255fbf6b1be1940 77662 perl optional libyaml-libyaml-perl_0.38-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9a/ngACgkQiyizGWoHLTlFhgCeK9gsJyypsW8t5bWtI+iCtquZ
MLoAn1f0MYuBsvJrX4yruBlgcSILRxYL
=wK0c
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Sat, 10 Mar 2012 07:51:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sat, 10 Mar 2012 07:51:16 GMT) Full text and rfc822 format available.

Message #35 received at 661548@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Niko Tyni <ntyni@debian.org>, 661548@bugs.debian.org
Cc: Dominic Hargreaves <dom@earth.li>, team@security.debian.org
Subject: Re: Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Sat, 10 Mar 2012 08:48:37 +0100
[Message part 1 (text/plain, inline)]
Hi Niko

On Fri, Mar 09, 2012 at 08:09:54AM +0200, Niko Tyni wrote:
> severity 661548 grave
> tag 661548 security
> found 661548 0.33-1
> thanks
> 
> On Mon, Feb 27, 2012 at 09:44:42PM +0000, Dominic Hargreaves wrote:
> > Source: libyaml-libyaml-perl
> > Severity: normal
> > Version: 0.38-1
> > User: debian-qa@lists.debian.org
> > Usertags: hardening-format-security hardening
> > 
> > With hardening flags enabled, this package FTBFS:
> > 
> > perl_libyaml.c: In function 'Load':
> > perl_libyaml.c:191:5: error: format not a string literal and no format arguments [-Werror=format-security]
> > perl_libyaml.c: In function 'load_node':
> > perl_libyaml.c:274:9: error: format not a string literal and no format arguments [-Werror=format-security]
> > perl_libyaml.c: In function 'load_mapping':
> > perl_libyaml.c:318:9: error: format not a string literal and no format arguments [-Werror=format-security]
> > perl_libyaml.c: In function 'load_sequence':
> > perl_libyaml.c:351:9: error: format not a string literal and no format arguments [-Werror=format-security]
> 
> These format strings can be injected from user input,
> so raising the severity. A DSA will be issued for squeeze.
> 
> I've just notified upstream via the RT tickets below. Could somebody from
> the pkg-perl team please prepare updated packages (built with -sa for
> stable-security as this is new there)?  Trivial patches can be found in

Are you going to prepare the upload for it? In other case I have
prepared the branch in our git repository with the fix taken from
Upstream RT#46507 patch there.

A review would anyway be welcome.

Regards
Salvatore
[debdiff_libyaml_libyaml-perl_0.33-2.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Sat, 10 Mar 2012 07:51:18 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sat, 10 Mar 2012 07:51:19 GMT) Full text and rfc822 format available.

Message #40 received at 661548@bugs.debian.org (full text, mbox):

From: Niko Tyni <ntyni@debian.org>
To: 661548@bugs.debian.org
Cc: team@security.debian.org, Dominic Hargreaves <dom@earth.li>
Subject: Re: Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Sat, 10 Mar 2012 09:49:42 +0200
On Thu, Mar 08, 2012 at 10:03:37PM +0100, Moritz Mühlenhoff wrote:

> > On Mon, Feb 27, 2012 at 09:44:42PM +0000, Dominic Hargreaves wrote:
> > > Source: libyaml-libyaml-perl
> > > Severity: normal
> > > Version: 0.38-1
> > > User: debian-qa@lists.debian.org
> > > Usertags: hardening-format-security hardening

> Can someone from pkg-perl prepare updated packages? (Which need to build with
> -sa since both are new in stable-security)

0.33-1+squeeze1 uploaded to stable-security.
-- 
Niko Tyni   ntyni@debian.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#661548; Package src:libyaml-libyaml-perl. (Sat, 10 Mar 2012 07:51:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sat, 10 Mar 2012 07:51:21 GMT) Full text and rfc822 format available.

Message #45 received at 661548@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Niko Tyni <ntyni@debian.org>, 661548@bugs.debian.org
Cc: Dominic Hargreaves <dom@earth.li>, team@security.debian.org
Subject: Re: Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Date: Sat, 10 Mar 2012 08:50:10 +0100
[Message part 1 (text/plain, inline)]
Hi

Ok just saw on our IRC channel:

[08:46] < KGB-0> ntyni squeeze 8e768d4 libyaml-libyaml-perl debian/ changelog patches/format-error.patch patches/series
[08:46] < KGB-0> [SECURITY] CVE-2012-1152: Fix format string vulnerabilities in YAML parsing. (Closes: #661548)
[08:47] < KGB-1> ntyni signed tags 4c10545 libyaml-libyaml-perl debian/0.33-1+squeeze1 * Debian release 0.33-1+squeeze1 (tagged commit: 8e768d4)

So, discard my last mail.

Thanks Niko for your work!

Regards
Salvatore
[signature.asc (application/pgp-signature, inline)]

Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Mon, 12 Mar 2012 22:03:03 GMT) Full text and rfc822 format available.

Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (Mon, 12 Mar 2012 22:03:06 GMT) Full text and rfc822 format available.

Message #50 received at 661548-close@bugs.debian.org (full text, mbox):

From: Niko Tyni <ntyni@debian.org>
To: 661548-close@bugs.debian.org
Subject: Bug#661548: fixed in libyaml-libyaml-perl 0.33-1+squeeze1
Date: Mon, 12 Mar 2012 22:02:10 +0000
Source: libyaml-libyaml-perl
Source-Version: 0.33-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libyaml-libyaml-perl, which is due to be installed in the Debian FTP archive:

libyaml-libyaml-perl_0.33-1+squeeze1.debian.tar.gz
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.33-1+squeeze1.debian.tar.gz
libyaml-libyaml-perl_0.33-1+squeeze1.dsc
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.33-1+squeeze1.dsc
libyaml-libyaml-perl_0.33-1+squeeze1_amd64.deb
  to main/liby/libyaml-libyaml-perl/libyaml-libyaml-perl_0.33-1+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661548@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated libyaml-libyaml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 10 Mar 2012 08:46:55 +0200
Source: libyaml-libyaml-perl
Binary: libyaml-libyaml-perl
Architecture: source amd64
Version: 0.33-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Description: 
 libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation
Closes: 661548
Changes: 
 libyaml-libyaml-perl (0.33-1+squeeze1) stable-security; urgency=high
 .
   * [SECURITY] CVE-2012-1152: Fix format string vulnerabilities in
     YAML parsing. (Closes: #661548)
Checksums-Sha1: 
 ae0798ad80d409b8206a3fdda393fcb1b438d30b 1422 libyaml-libyaml-perl_0.33-1+squeeze1.dsc
 1c058fc54ffdedd39d8a93926ac3bedda94fdb71 146030 libyaml-libyaml-perl_0.33.orig.tar.gz
 b733a68187dd6e0c777ff241a4c95265df15f5b8 2827 libyaml-libyaml-perl_0.33-1+squeeze1.debian.tar.gz
 55c970413df006895589b62c4f03ea06f38c7209 75762 libyaml-libyaml-perl_0.33-1+squeeze1_amd64.deb
Checksums-Sha256: 
 f75be49d41bea06686842d0ba475b2551d0e60627d5aa4a29d66faee4344bfa3 1422 libyaml-libyaml-perl_0.33-1+squeeze1.dsc
 70c4f7604aeedfc374b64c94745963391eea192d285ffbf4234c4463d78363bc 146030 libyaml-libyaml-perl_0.33.orig.tar.gz
 92e065dc66342a0e07a68878499e9bbe622493af6f0260e2d889aec4716f550b 2827 libyaml-libyaml-perl_0.33-1+squeeze1.debian.tar.gz
 c085591464c37e985953a1625d642ed9ba67bf7fa7ac21dea10056d6e2a8b654 75762 libyaml-libyaml-perl_0.33-1+squeeze1_amd64.deb
Files: 
 70dac728afa94e3d2cf7cc8018007d7f 1422 perl optional libyaml-libyaml-perl_0.33-1+squeeze1.dsc
 001a21618af05ee3a12dbb8cd6bd9b13 146030 perl optional libyaml-libyaml-perl_0.33.orig.tar.gz
 baf13d78d7166c86fcc2c62acf225d5c 2827 perl optional libyaml-libyaml-perl_0.33-1+squeeze1.debian.tar.gz
 d8511a72c7338aae6e8c74de6f45bde7 75762 perl optional libyaml-libyaml-perl_0.33-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9bBjgACgkQiyizGWoHLTm+BwCgpdHKiOrrMZM0aVXlHCQwrlEj
Q18AoK9vRuQ3ah0emGr12g9958ybXZUy
=Jgc0
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 May 2012 07:42:51 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:15:02 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.