libmodule-signature-perl - module to manipulate CPAN SIGNATURE files

Distribution: Debian 8 (Jessie)
Repository: Debian Main i386
Package name: libmodule-signature-perl
Package version: 0.73
Package release: 1+deb8u2
Package architecture: all
Package type: deb
Installed size: 108 B
Download size: 29.73 KB
Official Mirror:
Module::Signature is a Perl module that adds cryptographic authentications to CPAN distributions, via the special SIGNATURE file. It also includes various tools to sign distributions and to verify signatures and supports using many different cryptographic hashing algorithms.



    Source package: libmodule-signature-perl

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install libmodule-signature-perl deb package:
      # sudo apt-get install libmodule-signature-perl


    • /usr/bin/cpansign
    • /usr/share/doc/libmodule-signature-perl/changelog.Debian.gz
    • /usr/share/doc/libmodule-signature-perl/changelog.gz
    • /usr/share/doc/libmodule-signature-perl/copyright
    • /usr/share/doc/libmodule-signature-perl/examples/0-signature.t
    • /usr/share/man/man1/cpansign.1p.gz
    • /usr/share/man/man3/Module::Signature.3pm.gz
    • /usr/share/perl5/Module/


    2015-05-20 - Salvatore Bonaccorso <> libmodule-signature-perl (0.73-1+deb8u2) jessie-security; urgency=high * Team upload. * Add 0001-make-skip-work-again.patch patch. Restore --skip functionality for cpansign. (Closes: #785701)

    2015-05-14 - Salvatore Bonaccorso <> libmodule-signature-perl (0.73-1+deb8u1) jessie-security; urgency=high * Team upload. * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch. CVE-2015-3406: Module::Signature parses the unsigned portion of the SIGNATURE file as the signed portion due to incorrect handling of PGP signature boundaries. CVE-2015-3407: Module::Signature incorrectly handles files that are not listed in the SIGNATURE file. This includes some files in the t/ directory that would execute when tests are run. CVE-2015-3408: Module::Signature uses two argument open() calls to read the files when generating checksums from the signed manifest, allowing to embed arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. (Closes: #783451) * Add CVE-2015-3409.patch patch. CVE-2015-3409: Module::Signature incorrectly handles module loading allowing to load modules from relative paths in @INC. A remote attacker providing a malicious module could use this issue to execute arbitrary code during signature verification. (Closes: #783451) * Add Fix-signature-tests.patch patch. Fix signature tests by defaulting to verify(skip=>1) when $ENV{TEST_SIGNATURE} is true.

    2013-06-07 - Salvatore Bonaccorso <> libmodule-signature-perl (0.73-1) unstable; urgency=low * Team upload. [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Salvatore Bonaccorso ] * Imported Upstream version 0.73 - Fixes CVE-2013-2145: arbitrary code execution when verifying SIGNATURE (Closes: #711239). * Change Vcs-Git to canonical URI (git:// * Change based URIs to based URIs * Update debian/copyright file information. Update format to copyright-format 1.0 as released together with Debian policy 3.9.3. Update copyright years for included copy of Module::Install. Add missing stanza for (from Module::Install::ReadmeFromPod). * Bump Standards-Version to 3.9.4 * Add an alternative Recommends on gnupg2

    2011-05-13 - Jotam Jr. Trejo <> libmodule-signature-perl (0.68-1) unstable; urgency=low [ Jotam Jr. Trejo ] * New upstream release * Bump DH compat level to 8 [ gregor herrmann ] * Don't run test that needs network access. * Clean up (build) dependencies.

    2011-04-23 - Jotam Jr. Trejo <> libmodule-signature-perl (0.67-1) unstable; urgency=low [ Jotam Jr. Trejo ] * New upstream release * debian/control: add libipc-run-perl to B-D-I, needed for some tests * debian/copyright: refresh according to DEP 5 revision 135 * debian/control: bump Standards Version to 3.9.2 (no changes) * Add myself to Uploaders and Copyright [ Ansgar Burchardt ] * debian/copyright: Update gregor herrmann's email address.

    2010-12-13 - Peter Pentchev <> libmodule-signature-perl (0.66-2) unstable; urgency=low [ Peter Pentchev ] * Team upload. * Install the t/0-signature.t file as an example. Closes: #606974 [ gregor herrmann ] * debian/copyright: update license stanzas. * debian/control: remove "perl (>= 5.10) | libdigest-sha-perl" from (Build-)Depends(-Indep), lenny has already perl 5.10.

    2010-09-27 - Krzysztof Krzy┼╝aniak (eloy) <> libmodule-signature-perl (0.66-1) unstable; urgency=low * New upstream release * debian/control: update Standards-Version to 3.9.1 without any changes