-
perl (5.8.8-12ubuntu0.8) hardy-security; urgency=low
* SECURITY UPDATE: algorithmic complexity attack on hash keys
- debian/patches/79_CVE-2013-1667: fix hsplit() in hv.c, fix tests in
t/op/hash.t.
- CVE-2013-1667
-- Marc Deslauriers <email address hidden> Mon, 18 Mar 2013 12:32:01 -0400
-
perl (5.8.8-12ubuntu0.7) hardy-security; urgency=low
* SECURITY UPDATE: Injection problem in Digest::new
- CVE-2011-3597
- http://rt.cpan.org/Public/Bug/Display.html?id=71390
* SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034)
- CVE-2012-5195
- http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
* SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping
- CVE-2012-5526
- http://github.com/markstos/CGI.pm/pull/23.patch
-- Seth Arnold <email address hidden> Tue, 27 Nov 2012 23:15:32 -0800
-
perl (5.8.8-12ubuntu0.5) hardy-security; urgency=low
* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
- debian/patches/74_CVE-2010-1168: update Safe.pm to version 2.29 to
fix multiple issues.
- CVE-2010-1168
- CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
and CRLF injections.
- debian/patches/75_cgi-multiline-header: fix issues with patch
obtained from (5.10.1-17).
- CVE-2010-2716
- CVE-2010-4410
- CVE-2010-4411
-- Marc Deslauriers <email address hidden> Fri, 22 Apr 2011 12:48:43 -0400
-
perl (5.8.8-12ubuntu0.4) hardy-security; urgency=low
* 10_fix_h2ph_include_quote: handle system headers with quotes,
thanks to Niko Tyni (LP: #315991).
* debian/rules: verify required .ph files during build.
-- Kees Cook <email address hidden> Tue, 13 Jan 2009 17:20:54 -0800
-
perl (5.8.8-12ubuntu0.3) hardy-security; urgency=low
* SECURITY UPDATE: race condition in File::Path::rmtree could allow
arbitrary file removal and setuid file creation.
- 17_fix_file_path: upstream fixes, thanks to Niko Tyni.
- 17_fix_file_path_chdir: fix regressions in rmtree symantics.
- CVE-2008-5302 CVE-2008-5303
* SECURITY UPDATE: crash on 64bit via crafted utf8 encodings.
- 48_utf8_heap_overflow: upstream fixes, thanks to Niko Tyni and
Florian Weimer.
- CVE-2008-1927
-- Kees Cook <email address hidden> Fri, 05 Dec 2008 14:19:35 -0800
-
perl (5.8.8-12) unstable; urgency=high
* SECURITY [CVE-2007-5116] (closes: #450456): Apply patch from
Will Drewry and Tavis Ormandy of the Google Security Team to fix a
UTF-8 related heap overflow in Perl's regular expression compiler,
probably allowing attackers to execute arbitrary code by compiling
specially crafted regular expressions.
* Support "nocheck" option in DEB_BUILD_OPTIONS (closes: #449549).
* Suppress Configure test for ualarm() so that setitimer() emulation
is used (closes: #448965).
perl (5.8.8-11.1) unstable; urgency=high
* Non-maintainer upload.
* Urgency high because of RC bug fix.
* Fix h2ph to generate a correct check to distinguish i386/amd64 systems.
(Closes: #443785)
perl (5.8.8-11) unstable; urgency=low
* Remove arm and alpha special cases (closes: #443353).
perl (5.8.8-10) unstable; urgency=low
* Add support for SH4 arch (closes: #424867).
* Add --strip-unneeded when stripping shared objects.
* Include stripped debugging symbols for perl and libperl.so in
/usr/lib/debug in perl-debug package (closes: #433631).
* Switch to libdb4.6 (closes: #427517).
* Re-instate libcgi-fast-perl, relocating module to vendor directory
(closes: #443236).
perl (5.8.8-9) unstable; urgency=low
* Fix perl-base replaces after move of PVA.pl etc.
* Remove ancient conflicts on perl-transition packages (perl-5.004, etc).
* Bump dependency of perl-modules on perl to version after move of
modules to perl-base (closes: #377385).
* Pod/Man.pm: preserve quote chars in verbatim paragraphs (closes: #393810).
* Fix typo in Locale::Maketext::TPJ13 docs (closes: #320060).
perl (5.8.8-8) unstable; urgency=low
* Include unicore/{PVA,Exact,Canonical}.pl in perl-base (closes: #437142).
* Install libnet.cfg in /etc/perl/Net (closes: #425850).
* Update makedepend.SH from perl-current to handle changed
preprocessor output from new gcc (closes: #381703).
* Fix CGI::upload when fileno == 0 (closes: #383378).
* Abort CPAN setup if stdin is not a tty (closes: #246511).
* Bump gcc build-depends to 4.2 and remove workaround added for register
declaration problems in g++ 4.1 (closes: #378399).
* Replace '_' with '.' in conflict version for libattribute-handlers-perl
(closes: #403249).
* Fix hang when using study + taint (closes: #415296).
* Remove libcgi-fast-perl as a separate package (closes: #422592).
* Pod/Man.pm: escape backslashes in index entries (closes: #440448).
* Pod/Html.pm: Fix handling of nested definition lists (closes: #423168).
-- Martin Pitt <email address hidden> Tue, 27 Nov 2007 10:15:15 +0000
-
perl (5.8.8-7ubuntu3) gutsy; urgency=low
* Fix illegal Conflicts, based on existing versions of
libattribute-handlers-perl. LP: #132702
-- LaMont Jones <email address hidden> Fri, 28 Sep 2007 10:56:29 -0600
