Change logs for perl source package in Xenial

  • perl (5.22.1-9ubuntu0.9) xenial-security; urgency=medium
    
      * SECURITY UPDATE: heap buffer overflow in regex compiler
        - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
          from nested regex quantifiers in regcomp.c.
        - CVE-2020-10543
      * SECURITY UPDATE: regex intermediate language state corruption
        - debian/patches/fixes/CVE-2020-10878.patch: extract
          rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
        - CVE-2020-10878
      * SECURITY UPDATE: regex intermediate language state corruption
        - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
          program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
          t/re/pat.t.
        - CVE-2020-12723
      * debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
        failing in the year 2020 in cpan/Time-Local/t/Local.t.
    
     -- Marc Deslauriers <email address hidden>  Mon, 19 Oct 2020 06:57:56 -0400
  • perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Integer overflow leading to buffer overflow
        - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
          util.c.
        - CVE-2018-18311
      * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
        - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
        - CVE-2018-18312
      * SECURITY UPDATE: Heap-buffer-overflow read
        - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
          memchr in regcomp.c.
        - CVE-2018-18313
      * SECURITY UPDATE: Heap-based buffer overflow
        - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
          pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
          t/re/reg_mesg.t, t/re/regex_sets.t.
        - CVE-2018-18314
    
     -- Marc Deslauriers <email address hidden>  Mon, 19 Nov 2018 13:29:35 -0500
  • perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Directory traversal vulnerability
        - debian/patches/fixes/CVE-2018-12015.patch: fix in
          cpan/Archive-Tar/lib/Archive/Tar.pm.
        - CVE-2018-12015
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 12 Jun 2018 16:30:44 -0300
  • perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: arbitrary code exec via library in cwd
        - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
          dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
        - CVE-2016-6185
      * SECURITY UPDATE: race condition in rmtree and remove_tree
        - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
          tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
        - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
          cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
        - CVE-2017-6512
      * SECURITY UPDATE: heap write overflow bug
        - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
          to uni rules within the node and encounter a sharp S in regcomp.c.
        - CVE-2018-6797
      * SECURITY UPDATE: heap read overflow bug
        - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
          regexec.c, t/lib/warnings/regexec.
        - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
          target in regexec.c, t/re/re_tests.
        - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
          t/lib/warnings/regexec.
        - CVE-2018-6798
      * SECURITY UPDATE: heap buffer overflow bug
        - debian/patches/fixes/CVE-2018-6913.patch: fix various space
          calculation issues in pp_pack.c, t/op/pack.t.
        - CVE-2018-6913
    
     -- Marc Deslauriers <email address hidden>  Thu, 05 Apr 2018 08:48:47 -0400
  • perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Buffer overflow via crafted regular expression
        - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
          with invalid '\N{U+...}' escape in regcomp.c
        - CVE-2017-12883
      * SECURITY UPDATE: heap-based buffer overflow in S_regatom
        - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
        - CVE-2017-12837
    
     -- <email address hidden> (Leonidas S. Barbosa)  Fri, 10 Nov 2017 11:39:06 -0300
  • perl (5.22.1-9) unstable; urgency=medium
    
      * Add cross build support files for alpha, hppa, sparc64, x32, mips,
        and hurd-i386. (Closes: #816217)
      * Use the standard library from the build tree, fixing non-cross
        bootstrapping. (Closes: #817948)
    
     -- Niko Tyni <email address hidden>  Sun, 13 Mar 2016 13:54:18 +0200
  • perl (5.22.1-8) unstable; urgency=high
    
      * [SECURITY] CVE-2016-2381 fix duplicate environment variable taint
        checking issue
    
     -- Dominic Hargreaves <email address hidden>  Fri, 26 Feb 2016 21:59:01 +0000
  • perl (5.22.1-7) unstable; urgency=medium
    
      * small tweaks to cross support file import infrastructure
      * debian/copyright: include CC0-1.0 License for Test-Simple
      * Changes prompted by lintian:
        + debian/copyright: move license grants into Comment sections
        + Bump build dependency on dpkg-dev to 1.17.14 for build profile support
          (Closes: #813811)
        + Call ldconfig in libperl5.22 postrm script.
        + Override lintian warning about file conflict over /usr/bin/perldoc.
        + Install manual pages for perl5.22-<arch> and cpan5.22-<arch>.
        + Fix POD errors in Memoize, Encode-Unicode and ok.
      * Remove libperl-dev dependency on perl. (Closes: #813384)
        + this enables experimental support for cross building applications
          linking against libperl; see /usr/share/doc/libperl-dev/README.cross
          for more information.
      * Add cross build support files for amd64, i386, powerpc, ppc64el, armel,
        armhf, arm64, s390x, mipsel, mips64el, kfreebsd-amd64 and kfreebsd-i386.
        (Closes: #285559)
      * Upload to unstable.
    
     -- Niko Tyni <email address hidden>  Mon, 08 Feb 2016 22:09:56 +0200
  • perl (5.22.1-5) unstable; urgency=medium
    
      [ Dominic Hargreaves ]
      * Add Breaks entry for versions of mailagent not compatible with
        perl 5.22
    
      [ Niko Tyni ]
      * Make perl-modules-5.22 Conflict with perl-modules rather than Break it.
        Thanks to Adam Conrad. (Closes: #810164)
      * Fix umask in mkstemp(3) calls. (Closes: #810924)
    
     -- Niko Tyni <email address hidden>  Sat, 30 Jan 2016 11:41:34 +0200
  • perl (5.22.1-4) unstable; urgency=high
    
      * Add Breaks entry for versions of libsbuild-perl, maildirsync,
        and backuppc not compatible with perl 5.22
        (Closes: #808805, #809562, #810118)
      * Apply patch from Niko Tyni restoring debugperl functionality
        (Closes: #810326)
      * [SECURITY] CVE-2015-8607 fix untaint issue with File::Spec::canonpath()
        (Closes: #810719)
    
     -- Dominic Hargreaves <email address hidden>  Mon, 11 Jan 2016 22:29:23 +0000
  • perl (5.22.1-3) unstable; urgency=medium
    
      [ Dominic Hargreaves ]
      * psed was removed in 5.22, so remove the (broken) manpage symlink
        too (Closes: #808683)
    
      [ Niko Tyni ]
      * Fix an autodie scoping issue with "no autodie" and the "system" sub.
        (Closes: #808629)
        + break libautodie-perl (<< 2.29-2) to make sure it won't override the fix
    
     -- Niko Tyni <email address hidden>  Sat, 26 Dec 2015 09:28:43 +0200
  • perl (5.22.1-2) unstable; urgency=low
    
      * Work around a t/op/stat.t failure on GNU/kFreeBSD, possibly related
        to softupdates. Fix by Steven Chamberlain. (Closes: #796798)
    
     -- Niko Tyni <email address hidden>  Fri, 18 Dec 2015 14:31:00 +0200
  • perl (5.22.1-1) unstable; urgency=low
    
      * New upstream release.
      * Backport Encode::Unicode BOM fix from Encode-2.77.
        (Closes: #798727)
        + break+replace libencode-perl (<< 2.77) accordingly
      * Upload to unstable.
        + drop perlapi-5.22.0 for transition purposes
    
     -- Niko Tyni <email address hidden>  Wed, 16 Dec 2015 20:13:17 +0200
  • perl (5.20.2-6) unstable; urgency=low
    
      * Remove two obsolete lintian overrides.
      * Make libperl5.20 Break older perl-base versions to ensure perl-base
        is upgraded first.
      * Upload to unstable.
    
     -- Niko Tyni <email address hidden>  Thu, 14 May 2015 13:38:21 +0300