-
perl (5.10.1-8ubuntu2.4) lucid-security; urgency=medium
* SECURITY UPDATE: arbitrary command execution via _compile function in
Maketext.pm
- debian/patches/fixes/CVE-2012-6329.patch: escape backslashes and
reject method names with colons or apostrophes in
dist/Locale-Maketext/lib/Locale/Maketext.pm.
- CVE-2012-6329
-- Marc Deslauriers <email address hidden> Tue, 04 Feb 2014 16:12:30 -0500
-
perl (5.10.1-8ubuntu2.3) lucid-security; urgency=low
* SECURITY UPDATE: algorithmic complexity attack on hash keys
- debian/patches/fixes/CVE-2013-1667.diff: fix hsplit() in hv.c, fix
tests in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
- CVE-2013-1667
-- Marc Deslauriers <email address hidden> Mon, 18 Mar 2013 12:21:44 -0400
-
perl (5.10.1-8ubuntu2.2) lucid-security; urgency=low
* SECURITY UPDATE: Injection problem in Digest::new
- CVE-2011-3597
* SECURITY UPDATE: Off-by-one via crafted Unicode string in Unicode.xs
- CVE-2011-2939
* SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034)
- CVE-2012-5195
* SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping
- CVE-2012-5526
-- Seth Arnold <email address hidden> Mon, 26 Nov 2012 11:27:38 -0800
-
perl (5.10.1-8ubuntu2.1) lucid-security; urgency=low
* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
- debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
2.29 to fix multiple issues.
- CVE-2010-1168
- CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
and CRLF injections.
- debian/patches/fixes/cgi-multiline-header.diff: fix issues with
patch obtained from (5.10.1-17).
- CVE-2010-2716
- CVE-2010-4410
- CVE-2010-4411
* SECURITY UPDATE: taint protection bypass via missing taint attributes
- debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
of pp_* functions.
- CVE-2011-1487
-- Marc Deslauriers <email address hidden> Thu, 21 Apr 2011 13:22:49 -0400
-
perl (5.10.1-8ubuntu2) lucid; urgency=low
* Make perl-base conflict with older versions of safe-rm to unbreak
maintainer scripts on partial upgrades. (LP: #568670)
-- Andrew Mitchell <email address hidden> Fri, 23 Apr 2010 16:42:52 +1200
-
perl (5.10.1-8ubuntu1) lucid; urgency=low
* Merge with Debian testing (lp: #496556), remaining changes:
- Add Breaks against doc-base (<< 0.8.16) to fix upgrade issues from
hardy.
- Change build dependency from libdb4.7-dev to libdb-dev, to minimize the
db versions on the CDs.
- On sparc, build with -O1 instead of -O2. See #438876.
perl (5.10.1-8) unstable; urgency=medium
* Fix another perl-suid/i386 dependency bug by using dpkg-shlibdeps
correctly. (Closes: #556847)
* Add Conflicts/Replaces/Provides for libthread-queue-perl.
(Closes: #556793)
perl (5.10.1-7) unstable; urgency=medium
* Only run dpkg-shlibdeps when all the shlibs files have been created.
This fixes perl-suid dependencies on i386. (Closes: #552797)
* Set myself as Maintainer and remove Brendan O'Dea from the control
file at his request.
* Make the threads-shared test suite more robust, fixing failures on hppa.
(Closes: #554218)
perl (5.10.1-6) unstable; urgency=high
* Added /me to Uploaders.
* Apply upstream fix to resolve some crash in pattern matching against
non-Unicode tainted string. This fixes CVE-2009-3626. (Closes: #552291)
perl (5.10.1-5) unstable; urgency=low
* Make DynaLoader work without Config_heavy.pl again. (Closes: #549170)
perl (5.10.1-4) unstable; urgency=low
* Temporarily work around an internal compiler error in Devel::PPPort
on ia64+gcc-4.3. (Closes: #548943)
perl (5.10.1-3) unstable; urgency=low
* Upload to unstable.
perl (5.10.1-2) experimental; urgency=low
* reinstate Debian change to ExtUtils::MakeMaker for now to allow
overriding PREFIX at installation time again. (Closes: #545904)
* Separate Archive::Tar instance error strings from each other.
(Closes: #539355)
* Fix a crash with \G on first match. (Closes: #545234)
perl (5.10.1-1) experimental; urgency=low
* New upstream release.
* Remove traces of libcpan-plus-perl provides/conflicts/replaces in favour
of libcpanplus-perl.
* Clean an accidentally duplicated libcpanplus-perl conflict entry.
* Add conflicts/replaces/provides for
+ libio-compress-bzip2-perl
* Don't test .ph file syntax when DEB_BUILD_OPTIONS contains "nocheck"
or "x-perl-notest"
* Replace /usr/share/doc symlinks with separate changelog and copyright
files in the arch-independent packages (perl-doc and perl-modules)
to make sure they correspond to the right package version.
(Closes: #536384, #542137)
* Add support for abstract sockets. Thanks to Lubomir Rintel.
(Closes: #329291, #490660)
* In versions older than 5.10.0-24, CPANPLUS system configuration would be
erroneously saved under /usr/share. Avoid loss of local configuration by
copying it to /etc/perl/CPANPLUS/Config/System.pm on upgrades before the
new package overwrites it. (Closes: #543910)
* Add gcc predefined macros to $Config{cppsymbols} on GNU/Hurd.
Thanks to Samuel Thibault. (Closes: #544307)
* Fix autodie on hppa by allowing for flock returning EAGAIN instead
of EWOULDBLOCK. (Closes: #543731)
* Move /usr/share/perl/5.10/unicore/To into perl-base. (See #543149)
perl (5.10.1~rc2-1) experimental; urgency=low
* New upstream release candidate.
+ Archive::Tar now supports bzip2 files. (Closes: #457326)
+ Module::CoreList now includes ExtUtils::Miniperl. (Closes: #508696)
+ ExtUtils::Manifest now handles whitespace correctly. (Closes: #538005)
+ CGI.pm unwanted UTF-8 conversion in URLs is fixed. (Closes: #516129)
+ FileCache needs symbolic references, documentation updated.
(Closes: #318579)
+ perldoc.pod now references perlpod.pod. (Closes: #479638)
+ Long regular expressions work again. (Closes: #527039)
+ File::Temp::tempfile now supports TMPDIR. (Closes: #351373)
+ File::Temp now works with ACLs. (Closes: #531770)
+ IPC::Cmd now works with arrayrefs. (Closes: #533380)
+ perlpod.pod documentation fix: =encoding affects the whole document.
(Closes: #527023)
+ CPAN.pm no longer passes make arguments through to Build.
(Closes: #508183)
+ using the same lexically scoped variable in a foreach loop twice
no longer segfaults. (Closes: #511589)
+ unwanted filehandle stringification in CGI.pm is fixed. (Closes: #483144)
+ script_name() in CGI.pm is fixed. (Closes: #493965)
+ revision information removed from perlfaq whatis entries
(Closes: #402046)
* Updated the conflicts list for the various dual-lived modules.
* Added conflicts/replaces/provides for
+ libio-compress-perl
+ libcompress-raw-bzip2-perl
+ libthreads-perl
+ libthreads-shared-perl
+ libparse-cpan-meta-perl
+ libparent-perl
+ libautodie-perl
* Update the search path in the h2ph check. Thanks to Marius Vollmer.
* Build-Depend on libbz2-dev instead of using the bundled library in
ext/Compress-Raw-Bzip2.
perl (5.10.0-25) unstable; urgency=low
* Fix File::Copy::copy with pipes on GNU/kFreeBSD.
Thanks to Petr Salinger. (Closes: #537555)
* Module::Build::Compat makefiles now support 'distclean'.
Thanks to Ryan Niebur. (Closes: #527993)
* Honor TMPDIR when open()ing an anonymous temporary file.
Thanks to Norbert Buchmuller. (Closes: #528544)
* Move to libdb4.7. (Closes: #536443)
-- Michael Bienia <email address hidden> Mon, 14 Dec 2009 14:18:19 +0100
-
perl (5.10.0-24ubuntu4) karmic; urgency=low
* On sparc, build with -O1 instead of -O2. See #438876.
-- Matthias Klose <email address hidden> Tue, 29 Sep 2009 19:51:02 +0200
