Version in base suite: 0.29-3 Base version: libbytes-random-secure-perl_0.29-3 Target version: libbytes-random-secure-perl_0.29-4~deb13u1~deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libb/libbytes-random-secure-perl/libbytes-random-secure-perl_0.29-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libb/libbytes-random-secure-perl/libbytes-random-secure-perl_0.29-4~deb13u1~deb12u1.dsc changelog | 19 +++++++++++++ patches/CVE-2026-11625-r1.patch | 57 ++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 77 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpp6leszcj/libbytes-random-secure-perl_0.29-3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpp6leszcj/libbytes-random-secure-perl_0.29-4~deb13u1~deb12u1.dsc: no acceptable signature found
diff -Nru libbytes-random-secure-perl-0.29/debian/changelog libbytes-random-secure-perl-0.29/debian/changelog
--- libbytes-random-secure-perl-0.29/debian/changelog 2022-12-08 12:41:21.000000000 +0000
+++ libbytes-random-secure-perl-0.29/debian/changelog 2026-06-26 18:35:55.000000000 +0000
@@ -1,3 +1,22 @@
+libbytes-random-secure-perl (0.29-4~deb13u1~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso Fri, 26 Jun 2026 20:35:55 +0200
+
+libbytes-random-secure-perl (0.29-4~deb13u1) trixie; urgency=medium
+
+ * Rebuild for trixie
+
+ -- Salvatore Bonaccorso Fri, 26 Jun 2026 20:32:02 +0200
+
+libbytes-random-secure-perl (0.29-4) unstable; urgency=medium
+
+ * Team upload.
+ * Fix incorrect usage of seed in PRNG (CVE-2026-11625)
+
+ -- Salvatore Bonaccorso Fri, 26 Jun 2026 17:27:21 +0200
+
 libbytes-random-secure-perl (0.29-3) unstable; urgency=medium
 
 [ Debian Janitor ]
diff -Nru libbytes-random-secure-perl-0.29/debian/patches/CVE-2026-11625-r1.patch libbytes-random-secure-perl-0.29/debian/patches/CVE-2026-11625-r1.patch
--- libbytes-random-secure-perl-0.29/debian/patches/CVE-2026-11625-r1.patch 1970-01-01 00:00:00.000000000 +0000
+++ libbytes-random-secure-perl-0.29/debian/patches/CVE-2026-11625-r1.patch 2026-06-26 18:35:55.000000000 +0000
@@ -0,0 +1,57 @@
+From 20828ef859e215565ba17a9a24af3a42b0c4360a Mon Sep 17 00:00:00 2001
+From: Robert Rothenberg
+Date: Thu, 25 Jun 2026 14:43:11 +0100
+Subject: [PATCH] Fix for CVE-2026-11625
+
+---
+ lib/Bytes/Random/Secure.pm | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Bytes/Random/Secure.pm b/lib/Bytes/Random/Secure.pm
+index 65fbfe2..5bd3714 100644
+--- a/lib/Bytes/Random/Secure.pm
++++ b/lib/Bytes/Random/Secure.pm
+@@ -156,6 +156,7 @@ sub _build_attributes {
+ $self->{$arg} = exists $args->{$arg} ? $args->{$arg} : $default;
+ }
+
++ $self->{_pid} = $$;
+ $self->{_RNG} = undef; # Lazy initialization.
+ return $self;
+ }
+@@ -171,6 +172,8 @@ sub _instantiate_rng {
+ my @seeds = $self->_generate_seed( %seed_opts );
+ $self->{_RNG} = Math::Random::ISAAC->new(@seeds);
+
++ $self->{_pid} = $$;
++
+ return $self->{_RNG};
+ }
+
+@@ -224,7 +227,7 @@ sub bytes {
+ $bytes = defined $bytes ? $bytes : 0; # Default to zero bytes.
+ $self->_validate_int( $bytes ); # Throws on violation.
+
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+
+ my $str = '';
+
+@@ -302,7 +305,7 @@ sub _ranged_randoms {
+ $count = defined $count ? $count : 0;
+
+ # Lazily seed the RNG so we don't waste available strong entropy.
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+
+ my $divisor = $self->_closest_divisor($range);
+
+@@ -354,7 +357,7 @@ sub _closest_divisor {
+
+ sub irand {
+ my( $self ) = @_;
+- $self->_instantiate_rng unless defined $self->{_RNG};
++ $self->_instantiate_rng unless $$ == $self->{_pid} && defined $self->{_RNG};
+ return $self->{_RNG}->irand;
+ }
+
diff -Nru libbytes-random-secure-perl-0.29/debian/patches/series libbytes-random-secure-perl-0.29/debian/patches/series
--- libbytes-random-secure-perl-0.29/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libbytes-random-secure-perl-0.29/debian/patches/series 2026-06-26 18:35:55.000000000 +0000
@@ -0,0 +1 @@
+CVE-2026-11625-r1.patch
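Review bot: The fork guard `unless $$ == $self->{_pid} && defined $self->{_RNG}` is pasted separately into `bytes`, `_ranged_randoms` and `irand` in the added CVE-2026-11625-r1.patch, so any other or future method that reads `$self->{_RNG}` directly would keep using generator state inherited from the parent process; a single private accessor that performs the check and returns the generator would keep the reseed rule in one place. The upstream patch changes only `lib/Bytes/Random/Secure.pm`, so nothing in it exercises the fix, and a test that draws once, forks, and asserts that parent and child output differ would catch a regression. A PID comparison presumably does not detect an object cloned into an ithread, where `$$` normally stays the same, so I would record that above the guard with a comment such as `# Reseed after fork; ithread clones share $$ and are not detected here.` unless threads are handled elsewhere. The bodies of all three subs extend beyond the context shown.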