Change logs for perl source package in Bionic

  • perl (5.26.1-6ubuntu0.7) bionic-security; urgency=medium
    
      * SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
        - debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
          verify https server identity.
        - CVE-2023-31484
    
     -- Camila Camargo de Matos <email address hidden>  Tue, 23 May 2023 14:17:19 -0300
  • perl (5.26.1-6ubuntu0.6) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Signature verification bypass
        - debian/patches/CVE-2020-16156-1.patch: signature
          verification type CANNOT_VERIFY was not recognized
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-2.patch: add two new failure modes
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-3.patch: use gpg
          to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
          three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-5.patch: disambiguate the call
          to gpg --output by adding --verify in
          cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-6.patch: corrects typo
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-7.patch: corrects typo
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - CVE-2020-16156
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 05 Oct 2022 07:49:22 -0300
  • perl (5.26.1-6ubuntu0.5) bionic-security; urgency=medium
    
      * SECURITY UPDATE: heap buffer overflow in regex compiler
        - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
          from nested regex quantifiers in regcomp.c.
        - CVE-2020-10543
      * SECURITY UPDATE: regex intermediate language state corruption
        - debian/patches/fixes/CVE-2020-10878.patch: extract
          rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
        - CVE-2020-10878
      * SECURITY UPDATE: regex intermediate language state corruption
        - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
          program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
          t/re/pat.t.
        - CVE-2020-12723
      * debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
        failing in the year 2020 in cpan/Time-Local/t/Local.t.
    
     -- Marc Deslauriers <email address hidden>  Mon, 19 Oct 2020 06:57:24 -0400
  • perl (5.26.1-6ubuntu0.3) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Integer overflow leading to buffer overflow
        - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
          util.c.
        - CVE-2018-18311
      * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
        - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
        - CVE-2018-18312
      * SECURITY UPDATE: Heap-buffer-overflow read
        - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
          memchr in regcomp.c.
        - CVE-2018-18313
      * SECURITY UPDATE: Heap-based buffer overflow
        - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
          pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
          t/lib/warnings/regcomp, t/re/reg_mesg.t, t/re/regex_sets.t.
        - CVE-2018-18314
    
     -- Marc Deslauriers <email address hidden>  Mon, 19 Nov 2018 10:54:44 -0500
  • perl (5.26.1-6ubuntu0.2) bionic; urgency=high
    
      * No change rebuild to fix LP: #1574351
    
     -- Balint Reczey <email address hidden>  Wed, 18 Jul 2018 16:21:03 +0200
  • perl (5.26.1-6ubuntu0.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Directory traversal vulnerability
        - debian/patches/fixes/CVE-2018-12015.patch: fix in
          cpan/Archive-Tar/lib/Archive/Tar.pm.
        - CVE-2018-12015
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 12 Jun 2018 16:32:02 -0300
  • perl (5.26.1-6) unstable; urgency=high
    
      * [SECURITY] CVE-2018-6797: buffer overflow related to regex
                                  unicode semantics.
      * [SECURITY] CVE-2018-6798: heap buffer overflow when matching
                                  malformed UTF-8 characters.
      * [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks.
    
     -- Niko Tyni <email address hidden>  Sat, 10 Mar 2018 20:40:42 +0200
  • perl (5.26.1-5) unstable; urgency=medium
    
      * Mark _LIB_VERSION as an optional symbol for glibc 2.27 compatibility.
        Patch by Aurelien Jarno. (Closes: #890242)
      * Refresh cross build support files.
      * Apply an upstream patch by Yves Orton to fix a regexp related memory
        leak, regressed in 5.26. (Closes: #891196)
      * Build-Depend on libgdbm-compat-dev to restore the NDBM_File and
        ODBM_File modules. (Closes: #891229)
    
     -- Niko Tyni <email address hidden>  Fri, 23 Feb 2018 17:23:43 +0200
  • perl (5.26.1-4build1) bionic; urgency=medium
    
      * Rebuild against new libgdbm5.
    
     -- Gianfranco Costamagna <email address hidden>  Fri, 02 Feb 2018 15:26:29 +0100
  • perl (5.26.1-4) unstable; urgency=medium
    
      [ Dominic Hargreaves ]
      * Use dpkg-vendor to configure perl with a vendor-specific
        "configured by" string (Closes: #884924)
    
      [ Niko Tyni ]
      * Also look in <version>/<archname> subdirectories for binary compatible
        modules built for older Perl versions. (Closes: #886494)
      * Backport upstream Encode patch fixing find_encoding() infinite recursion.
        (Closes: #880085)
    
     -- Niko Tyni <email address hidden>  Fri, 12 Jan 2018 21:31:09 +0200
  • perl (5.26.1-3) unstable; urgency=medium
    
      [ Dominic Hargreaves ]
      * Include a note about debugging information in perl-debug in the package
        description (Closes: #880117)
    
      [ Niko Tyni ]
      * Restore SIGUNUSED on glibc >= 2.26 to preserve ABI compatibility.
        (Closes: #875927)
      * No longer use xlocale.h, removed in glibc 2.26. (Closes: #882978)
    
     -- Niko Tyni <email address hidden>  Tue, 28 Nov 2017 19:44:14 +0200
  • perl (5.26.1-2ubuntu1) bionic; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Build-depend on libc6-dev (>= 2.26).
        - Restore the SIGUNUSED signal. LP: #1717367.
        - Changes can be dropped with the next perl ABI bump, or with a perl
          upstream fix to restore ABI compatibility with glibc-2.26.
    
    perl (5.26.1-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    perl (5.26.1-1) experimental; urgency=medium
    
      [ Dominic Hargreaves ]
      * Mark perl-doc as Multi-Arch: foreign (Closes: #876062)
      * New upstream release
    
      [ Niko Tyni ]
      * Patch Pod::Perldoc::ToTerm to set LESS=-R with sensible-pager.
        This is a hopefully temporary fix while upstream is working on the
        bigger issue. (Closes: #870340)
      * Include sources of Configure in a separate tarball component called
        "regen-configure", and verify them by regenerating Configure on every
        build using 'makeconfig' from the 'dist' package and checking for
        any changes. Special thanks to H.Merijn Brand (upstream) for helping
        with this at the Perl 5 Hackathon in Amsterdam. (Closes: #762638)
    
      [ Dominic Hargreaves ]
      * Replace various test skips with an upstreamable patch
      * Upload to experimental
    
     -- Gianfranco Costamagna <email address hidden>  Tue, 31 Oct 2017 15:55:37 CET
  • perl (5.26.0-8ubuntu1) artful; urgency=medium
    
      * Build-depend on libc6-dev (>= 2.26).
      * Restore the SIGUNUSED signal. LP: #1717367.
      * Changes can be dropped with the next perl ABI bump, or with a perl
        upstream fix to restore ABI compatibility with glibc-2.26.
    
    perl (5.26.0-8) unstable; urgency=high
    
      * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
        expression compiler. (Closes: #875596)
      * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
        expression parser.   (Closes: #875597)
    
     -- Matthias Klose <email address hidden>  Fri, 15 Sep 2017 18:13:42 +0200