-
perl (5.30.0-9ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow via regular expression
- debian/patches/CVE-2023-47038.patch: fix read/write past buffer end
in regcomp.c, t/re/pat_advanced.t.
- CVE-2023-47038
-- Marc Deslauriers <email address hidden> Thu, 23 Nov 2023 10:02:19 -0500
-
perl (5.30.0-9ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
- debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
verify https server identity.
- CVE-2023-31484
* debian/patches/fix-ext-POSIX-t-mb-test.patch: fix edge case test failure
in ext/POSIX/t/mb.t.
-- Camila Camargo de Matos <email address hidden> Tue, 23 May 2023 14:17:48 -0300
-
perl (5.30.0-9ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: Signature verification bypass
- debian/patches/CVE-2020-16156-1.patch: signature
verification type CANNOT_VERIFY was not recognized
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debia/patches/CVE-2020-16156-2.patch: add two new failure modes
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-3.patch: use gpg
to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-5.patch: disambiguate the call
to gpg --output by adding --verify in
cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-6.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-7.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- CVE-2020-16156
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 05 Oct 2022 07:27:25 -0300
-
perl (5.30.0-9ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in regex compiler
- debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
from nested regex quantifiers in regcomp.c.
- CVE-2020-10543
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-10878-1.patch: extract
rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
- debian/patches/fixes/CVE-2020-10878-2.patch: use long jumps if there
is any possibility of overflow in regcomp.c.
- CVE-2020-10878
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
t/re/pat.t.
- CVE-2020-12723
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:56:54 -0400
-
perl (5.30.0-9build1) focal; urgency=medium
* No-change rebuild to pick up dependency on libcrypt1.
-- Matthias Klose <email address hidden> Fri, 06 Mar 2020 22:15:57 +0100
-
perl (5.30.0-9) unstable; urgency=medium
* Improve debian/t/control.t robustness fixing spurious failures
when packages are missing from the current archive suite.
(Closes: #943380)
* Build with TZ=UTC again for reproducibility. (See #791362)
* Fix cross builds harder, still due to -Dmksymlinks in 5.30.0-2.
* Refresh cross build support files for most architectures.
-- Niko Tyni <email address hidden> Sun, 27 Oct 2019 18:52:24 +0200
-
perl (5.30.0-8) unstable; urgency=medium
* Minor fixes prompted by lintian:
+ remove outdated lintian overrides
+ outsource parsing debian/changelog to pkg-info.mk in dpkg-dev
+ move debian/source.lintian-overrides under debian/source
+ add Build-Depends-Package: libperl-dev to the libperl5.30 symbols file
+ reorganize debian/copyright a bit to ensure correct file globbing
* Move perl-xs-dev Provides to libperl-dev, mark that Multi-Arch:
same, and add an unversioned cross-config symlink to the versioned
directory in libperl5.30 for easier consumption in depending packages.
.
Making perl-xs-dev not coinstallable between Perl major versions
should keep build dependencies unambiguous.
-- Niko Tyni <email address hidden> Sun, 20 Oct 2019 14:51:34 +0300
-
perl (5.30.0-7) unstable; urgency=medium
* Move perl-modules-5.30 to section "libs" to ease future Perl
transitions (Closes: #942220)
* Make libperl5.30 Provide perl-xs-dev and retire the
perl-cross-config virtual package. See the thread around
https://lists.debian.org/debian-perl/2019/10/msg00015.html
-- Niko Tyni <email address hidden> Tue, 15 Oct 2019 16:35:07 +0300
-
perl (5.28.1-6build1) eoan; urgency=medium
* No-change rebuild.
-- Matthias Klose <email address hidden> Wed, 11 Sep 2019 09:02:52 +0200
