-
perl (5.24.1-2ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: Buffer overflow via crafted regular expressiion
- debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
with invalid '\N{U+...}' escape in regcomp.c
- CVE-2017-12883
* SECURITY UPDATE: heap-based buffer overflow in S_regatom
- debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
- CVE-2017-12837
-- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 11:07:03 -0300
-
perl (5.24.1-2ubuntu1) zesty; urgency=medium
* d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
- backport upstream patch to fix t/02zlib.t because of new zlib
-- Gianfranco Costamagna <email address hidden> Sat, 18 Mar 2017 18:00:39 +0100
-
perl (5.24.1-2) unstable; urgency=medium
* Apply patch from upstream fixing leak in list assignment
(Closes: #855064)
* Clarify documentation of 'do' in the face of '.' being removed
from @INC (Closes: #839536)
-- Dominic Hargreaves <email address hidden> Thu, 16 Mar 2017 11:11:46 +0000
-
perl (5.24.1-1) unstable; urgency=medium
[ Dominic Hargreaves ]
* Break libexception-class-perl (<< 1.42) since this version fixes an
@INC related vulnerability potentially exposed by the reversion of the
base.pm changes below.
* Remove <nocheck> profile flag for build dependency on file, as it
is needed outside the test suite (Closes: #850296)
[ Niko Tyni ]
* Use https for URLs in the patchlevel list.
* Refresh cross build support files.
[ Dominic Hargreaves ]
* New upstream release
-- Dominic Hargreaves <email address hidden> Sun, 15 Jan 2017 23:35:20 +0000
-
perl (5.24.1~rc4-1) unstable; urgency=medium
[ Dominic Hargreaves ]
* Fix Vcs-Git header. Thanks to Axel Beckert (Closes: #839057)
* Add Breaks on dh-haskell (<< 0.3) (Closes: #839018)
* Add workaround for optimization test failure on HPPA (Closes: #838613)
[ Niko Tyni ]
* Import new upstream release candidate with improved @INC localizing
in base.pm.
* Patch Test::Builder to fix a 'used only once' warning. (Closes: #840968)
* Sort the binary package conffile lists for reproducibility.
* Break amanda-common versions built against perlapi-5.22. (See #843700)
* Patch Configure to filter longdblinfbytes randomness for
build reproducibility. (Closes: #844752)
* Patch installman to generate man pages with UTF-8 characters.
(Closes: #840211)
-- Niko Tyni <email address hidden> Sat, 26 Nov 2016 23:12:44 +0200
-
perl (5.24.1~rc3-3) unstable; urgency=medium
* Reinstate perl-modules virtual package (Closes: #838855)
-- Niko Tyni <email address hidden> Sun, 25 Sep 2016 23:22:41 +0300
-
perl (5.22.2-3) unstable; urgency=high
* [SECURITY] CVE-2016-1238: opportunistic loading of optional
modules can make many programs unintentionally load code
from the current working directory (which might be changed to
another directory without the user realising).
+ allow user configurable removal of "." from @INC in
/etc/perl/sitecustomize.pl for a transitional period. (See: #588017)
+ backport patches from [perl #127834] to fix known vulnerabilities
even if the user does not configure "." to be removed from @INC
+ backport patches from [perl #127810] to fix various classes of
build failures in perl and CPAN modules if "." is removed from
@INC
-- Dominic Hargreaves <email address hidden> Mon, 25 Jul 2016 16:00:43 +0100