libmodule-signature-perl - module to manipulate CPAN SIGNATURE files

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name libmodule-signature-perl
Package version 0.73
Package release 1+deb8u2
Package architecture all
Package type deb
Installed size 108 B
Download size 29.73 KB
Official Mirror
Module::Signature is a Perl module that adds cryptographic authentications to
CPAN distributions, via the special SIGNATURE file. It also includes various
tools to sign distributions and to verify signatures and supports using many
different cryptographic hashing algorithms.


Package Version Architecture Repository
libmodule-signature-perl_0.73-1+deb8u2_all.deb 0.73 all Debian Main
libmodule-signature-perl - - -


Name Value
perl -


Type URL
Binary Package libmodule-signature-perl_0.73-1+deb8u2_all.deb
Source Package libmodule-signature-perl

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install libmodule-signature-perl deb package:
    # sudo apt-get install libmodule-signature-perl




2015-05-20 - Salvatore Bonaccorso <>
libmodule-signature-perl (0.73-1+deb8u2) jessie-security; urgency=high
* Team upload.
* Add 0001-make-skip-work-again.patch patch.
Restore --skip functionality for cpansign. (Closes: #785701)
2015-05-14 - Salvatore Bonaccorso <>
libmodule-signature-perl (0.73-1+deb8u1) jessie-security; urgency=high
* Team upload.
* Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch.
CVE-2015-3406: Module::Signature parses the unsigned portion of the
SIGNATURE file as the signed portion due to incorrect handling of PGP
signature boundaries.
CVE-2015-3407: Module::Signature incorrectly handles files that are not
listed in the SIGNATURE file. This includes some files in the t/
directory that would execute when tests are run.
CVE-2015-3408: Module::Signature uses two argument open() calls to read
the files when generating checksums from the signed manifest, allowing
to embed arbitrary shell commands into the SIGNATURE file that would
execute during the signature verification process. (Closes: #783451)
* Add CVE-2015-3409.patch patch.
CVE-2015-3409: Module::Signature incorrectly handles module loading
allowing to load modules from relative paths in @INC. A remote attacker
providing a malicious module could use this issue to execute arbitrary
code during signature verification. (Closes: #783451)
* Add Fix-signature-tests.patch patch.
Fix signature tests by defaulting to verify(skip=>1) when
2013-06-07 - Salvatore Bonaccorso <>
libmodule-signature-perl (0.73-1) unstable; urgency=low
* Team upload.
[ Ansgar Burchardt ]
* debian/control: Convert Vcs-* fields to Git.
[ Salvatore Bonaccorso ]
* Imported Upstream version 0.73
- Fixes CVE-2013-2145: arbitrary code execution when verifying SIGNATURE
(Closes: #711239).
* Change Vcs-Git to canonical URI (git://
* Change based URIs to based URIs
* Update debian/copyright file information.
Update format to copyright-format 1.0 as released together with Debian
policy 3.9.3.
Update copyright years for included copy of Module::Install.
Add missing stanza for (from
* Bump Standards-Version to 3.9.4
* Add an alternative Recommends on gnupg2
2011-05-13 - Jotam Jr. Trejo <>
libmodule-signature-perl (0.68-1) unstable; urgency=low
[ Jotam Jr. Trejo ]
* New upstream release
* Bump DH compat level to 8
[ gregor herrmann ]
* Don't run test that needs network access.
* Clean up (build) dependencies.
2011-04-23 - Jotam Jr. Trejo <>
libmodule-signature-perl (0.67-1) unstable; urgency=low
[ Jotam Jr. Trejo ]
* New upstream release
* debian/control: add libipc-run-perl to B-D-I, needed for some tests
* debian/copyright: refresh according to DEP 5 revision 135
* debian/control: bump Standards Version to 3.9.2 (no changes)
* Add myself to Uploaders and Copyright
[ Ansgar Burchardt ]
* debian/copyright: Update gregor herrmann's email address.
2010-12-13 - Peter Pentchev <>
libmodule-signature-perl (0.66-2) unstable; urgency=low
[ Peter Pentchev ]
* Team upload.
* Install the t/0-signature.t file as an example.  Closes: #606974
[ gregor herrmann ]
* debian/copyright: update license stanzas.
* debian/control: remove "perl (>= 5.10) | libdigest-sha-perl" from
(Build-)Depends(-Indep), lenny has already perl 5.10.
2010-09-27 - Krzysztof Krzy┼╝aniak (eloy) <>
libmodule-signature-perl (0.66-1) unstable; urgency=low
* New upstream release
* debian/control: update Standards-Version to  3.9.1 without any changes

See Also

Package Description
libmodule-starter-pbp-perl_0.0.3-1_all.deb Perl module to create new perl modules following best practices
libmodule-starter-perl_1.620+dfsg-1_all.deb simple starter kit for Perl modules
libmodule-starter-plugin-cgiapp-perl_0.42-1_all.deb template based module starter for CGI apps
libmodule-starter-plugin-simplestore-perl_0.144-1_all.deb template storage methods for Module::Starter
libmodule-starter-plugin-tt2-perl_0.125-1_all.deb module providing Template toolkit support for Module::Starter
libmodule-starter-smart-perl_0.0.5-1_all.deb Module::Starter plugin to add new modules into existing distributions
libmodule-used-perl_1.3.0-1_all.deb library to detect modules loaded by Perl code without running it
libmodule-util-perl_1.09-1_all.deb Perl module to manipulate Perl module names
libmodule-versions-report-perl_1.06-1_all.deb Report versions of all modules in memory
libmodule-want-perl_0.6-1_all.deb module to check @INC only once for wanted modules
libmoe-dev_1.5.8-1_amd64.deb library to handle multiple octets character encoding scheme (devel files)
libmoe1.5_1.5.8-1_amd64.deb library to handle multiple octets character encoding scheme
libmojo-server-fastcgi-perl_0.41-1_all.deb Mojolicious FastCGI Server
libmojolicious-perl_5.54+dfsg-1_all.deb simple, yet powerful, Web Application Framework
libmojolicious-plugin-authentication-perl_1.26-1_all.deb module to make authentication a bit easier for Mojolicious