Change logs for perl source package in Jammy

  • perl (5.34.0-3ubuntu1.3) jammy-security; urgency=medium
    
      * SECURITY UPDATE: heap overflow via regular expression
        - debian/patches/CVE-2023-47038.patch: fix read/write past buffer end
          in regcomp.c, t/re/pat_advanced.t.
        - CVE-2023-47038
      * SECURITY UPDATE: infinite recursion via warning message printing
        - debian/patches/CVE-2022-48522.patch: fix warning handling in sv.c,
          t/lib/warnings/sv.
        - CVE-2022-48522
    
     -- Marc Deslauriers <email address hidden>  Thu, 23 Nov 2023 09:56:46 -0500
  • perl (5.34.0-3ubuntu1.2) jammy-security; urgency=medium
    
      * SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
        - debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
          verify https server identity.
        - CVE-2023-31484
    
     -- Camila Camargo de Matos <email address hidden>  Tue, 23 May 2023 14:18:13 -0300
  • perl (5.34.0-3ubuntu1.1) jammy-security; urgency=medium
    
      * SECURITY UPDATE: Signature verification bypass
        - debian/patches/CVE-2020-16156-1.patch: signature
          verification type CANNOT_VERIFY was not recognized
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-2.patch: add two new failure modes
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-3.patch: use gpg
          to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
          three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-5.patch: disambiguate the call
          to gpg --output by adding --verify in
          cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-6.patch: corrects typo
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - debian/patches/CVE-2020-16156-7.patch: corrects typo
          in cpan/CPAN/lib/CPAN/Distribution.pm.
        - CVE-2020-16156
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 04 Oct 2022 15:16:23 -0300
  • perl (5.34.0-3ubuntu1) jammy; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Disable two porting/libperl.t tests, only run on x86*, and only
          testing the static libperl.a.
        - Disable the same porting/libperl.t tests on x86*, as on the other
          Linux architectures.
    
    perl (5.34.0-3) unstable; urgency=medium
    
      * Add 5.34.0 to debian/released-versions.
      * Upload to unstable.
    
    perl (5.34.0-2) experimental; urgency=medium
    
      * Apply upstream patch fixing issues with gdbm 1.20. (Closes: #993514)
    
    perl (5.34.0-1) experimental; urgency=medium
    
      * Update to new upstream version 5.34.0.
      * Add a build time sanity check to make sure we filter away generated
        files from the regen-configure tarball. (Closes: #992200)
      * Fix usrmerge related reproducibility issues. Thanks to Vagrant
        Cascadian. (Closes: #914128)
      * Update cross build support files.
      * Skip io/msg.t on x32 due to broken System V message queues.
        (See #988900)
      * [SECURITY] CVE-2021-36770: Encode loading code from working directory
    
    perl (5.34.0~rc2-1) experimental; urgency=medium
    
      * Update to upstream release candidate 5.34.0-RC2.
        + File::Temp file creation permissions are documented now.
          (Closes: #987995)
    
    perl (5.32.1-6ubuntu1) jammy; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Disable two porting/libperl.t tests, only run on x86*, and only
          testing the static libperl.a.
        - Disable the same porting/libperl.t tests on x86*, as on the other
          Linux architectures.
    
    perl (5.32.1-4) unstable; urgency=medium
    
      * Add perl Breaks: perl-modules-5.22 and early versions of
        perl-modules-5.26. They had the same issue as perl-modules-5.24,
        which perl already Breaks since 5.32.0-6. (Closes: #976704)
    
     -- Matthias Klose <email address hidden>  Sun, 06 Feb 2022 12:02:58 +0100
  • perl (5.32.1-6ubuntu1) jammy; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Disable two porting/libperl.t tests, only run on x86*, and only
          testing the static libperl.a.
        - Disable the same porting/libperl.t tests on x86*, as on the other
          Linux architectures.
    
    perl (5.32.1-6) unstable; urgency=medium
    
      * Add ARC cross build support files from Evgeniy Didin. (Closes: #990305)
      * Apply upstream patch fixing a regexp memory leak. (Closes: #994834)
    
    perl (5.32.1-5) unstable; urgency=high
    
      * [SECURITY] CVE-2021-36770: Encode loading code from working directory
    
    perl (5.32.1-4) unstable; urgency=medium
    
      * Add perl Breaks: perl-modules-5.22 and early versions of
        perl-modules-5.26. They had the same issue as perl-modules-5.24,
        which perl already Breaks since 5.32.0-6. (Closes: #976704)
    
     -- Matthias Klose <email address hidden>  Fri, 04 Feb 2022 22:49:31 +0100
  • perl (5.32.1-6) unstable; urgency=medium
    
      * Add ARC cross build support files from Evgeniy Didin. (Closes: #990305)
      * Apply upstream patch fixing a regexp memory leak. (Closes: #994834)
    
     -- Niko Tyni <email address hidden>  Fri, 24 Sep 2021 18:20:33 +0300
  • perl (5.32.1-3ubuntu3) impish; urgency=medium
    
      * SECURITY UPDATE: Encode library can be made to run arbitrary Perl code
        from the current working directory
        - debian/patches/CVE-2021-36770.patch: mitigate @INC pollution when
          loading ConfigLocal in cpan/Encode/Encode.pm.
        - CVE-2021-36770
    
     -- Marc Deslauriers <email address hidden>  Mon, 02 Aug 2021 08:24:15 -0400