-
perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: heap buffer overflow in regex compiler
- debian/patches/CVE-2020-10543.patch: prevent integer overflow
from nested regex quantifiers in regcomp.c.
- CVE-2020-10543
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/CVE-2020-10878.patch: extract
rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
- CVE-2020-10878
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/CVE-2020-12723.patch: avoid mutating regexp
program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
t/re/pat.t.
- CVE-2020-12723
* debian/patches/fix_test_2020.patch: fix FTBFS caused by test
failing in the year 2020 in cpan/Time-Local/t/Local.t.
-- <email address hidden> (Leonidas S. Barbosa) Mon, 26 Oct 2020 09:21:23 -0300
-
perl (5.14.2-6ubuntu2.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via regular expression invalid
backreference
- debian/patches/CVE-2013-7422.patch: properly handle big
backreferences in regcomp.c.
- CVE-2013-7422
* SECURITY UPDATE: denial of service in Data::Dumper
- debian/patches/CVE-2014-4330.patch: limit recursion in MANIFEST,
dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
dist/Data-Dumper/t/recurse.t.
- CVE-2014-4330
* SECURITY UPDATE: environment variable confusion issue
- debian/patches/CVE-2016-2381.patch: remove duplicate environment
variables from environ in perl.c.
- CVE-2016-2381
-- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 11:02:10 -0500
-
perl (5.14.2-6ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary command execution via _compile function in
Maketext.pm
- debian/patches/CVE-2012-6329.patch: escape backslashes and reject
method names with colons or apostrophes in
dist/Locale-Maketext/lib/Locale/Maketext.pm.
- CVE-2012-6329
-- Marc Deslauriers <email address hidden> Tue, 04 Feb 2014 16:02:26 -0500
-
perl (5.14.2-6ubuntu2.3) precise-security; urgency=low
* SECURITY UPDATE: algorithmic complexity attack on hash keys
- debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
- CVE-2013-1667
-- Marc Deslauriers <email address hidden> Mon, 18 Mar 2013 10:48:33 -0400
-
perl (5.14.2-6ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034)
- CVE-2012-5195
* SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping
- CVE-2012-5526
-- Seth Arnold <email address hidden> Mon, 26 Nov 2012 11:27:58 -0800
-
perl (5.14.2-6ubuntu2.1) precise-proposed; urgency=low
* Add versioned conflict against libxml-sax-perl to ensure it's upgraded
to a version that doesn't use File::Basename or is removed from the
system. This fixes upgrades from 10.04. (LP: #990256)
-- Stephane Graber <email address hidden> Fri, 10 Aug 2012 15:51:31 -0400
-
perl (5.14.2-6ubuntu2) precise; urgency=low
* Have perl, perl-modules, and perl-base conflict with versions of
mono-gac requiring File::Basename, to ensure a smooth upgrade from lucid.
LP: #948848.
-- Steve Langasek <email address hidden> Fri, 23 Mar 2012 07:59:20 -0700
-
perl (5.14.2-6ubuntu1) precise; urgency=low
* debian/control: Add doc-base conflict also to perl, perl-modules, and
libperl5.14. Otherwise they can get unpacked before upgrading perl-base
and doc-base and thus still cause symbol lookup errors in the doc-base
trigger. (Closes: #648954, LP: #902553)
-- Martin Pitt <email address hidden> Fri, 16 Dec 2011 12:25:31 +0100
-
perl (5.14.2-6) unstable; urgency=low
[ Niko Tyni ]
* debian/rules: correctly handle subject line wraps in patch headers.
[ Dominic Hargreaves ]
* Add versioned Conflicts on update-inetd (<< 4.41) (Closes: #649177)
* Conflict on rather than Break doc-base (<< 0.10.3); aptitude
runs doc-base triggers before the new version has been unpacked
* Update Lintian override for perl-module-uses-perl4-libs-without-dep
to reflect new path to CGI.pm
* Disable various tests which fail on GNU/Hurd (see #648623)
-- Dominic Hargreaves <email address hidden> Mon, 28 Nov 2011 19:48:05 +0000
-
perl (5.14.2-5ubuntu1) precise; urgency=low
* Break older versions of update-inetd to avoid File::Temp and File::Copy
binary-incompatibility issues during upgrades (LP: #862129).
-- Colin Watson <email address hidden> Thu, 24 Nov 2011 15:24:30 +0000
-
perl (5.14.2-5) unstable; urgency=low
* Update versioned Breaks for dual-lived modules with updates in
5.14.2 (libmodule-corelist-perl, libencode-perl)
* Update versioned Breaks for doc-base to << 0.10.3; this version
improves the resilience of the postinst during a major perl upgrade
(Closes: #648954)
-- Dominic Hargreaves <email address hidden> Thu, 17 Nov 2011 23:29:20 +0000
-
perl (5.14.2-4) unstable; urgency=low
* Add Conflicts: libjson-pp-perl (<< 2.27200-2) to perl package
to fix file conflict with dual-lived module (Closes: #648897)
-- Dominic Hargreaves <email address hidden> Tue, 15 Nov 2011 23:36:39 +0000
-
perl (5.14.2-3build1) precise; urgency=low
* Rebuild in the main archive to avoid depending on an experimental libc6.
-- Colin Watson <email address hidden> Tue, 15 Nov 2011 13:51:55 +0000
-
perl (5.14.2-3) unstable; urgency=low
* Upload to unstable
-- Dominic Hargreaves <email address hidden> Sun, 13 Nov 2011 12:12:26 +0000
-
perl (5.12.4-6) unstable; urgency=medium
* [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
thanks to Ansgar Burchardt for the notification (Closes: #644108)
perl (5.12.4-5) unstable; urgency=low
[ Niko Tyni ]
* Fix a memory leak in Carp::shortmess. (Closes: #638676)
[ Dominic Hargreaves ]
* Update CPAN::Distribution to use html2text rather than html2text.pl;
thanks to Andreas Marschke for the patch (Closes: #640479)
* Override Lintian warnings perl-module-uses-perl4-libs-without-dep
and script-uses-perl4-libs-without-dep as the Perl4 libraries are
provided by perl itself
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 19 Oct 2011 09:20:40 +0000
-
perl (5.12.4-4) unstable; urgency=medium
* Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
(Closes: #637376)
-- Dominic Hargreaves <email address hidden> Wed, 10 Aug 2011 19:25:23 +0100