-
perl (5.18.2-2ubuntu1.7) trusty-security; urgency=medium
  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313
 -- Marc Deslauriers <email address hidden> Tue, 20 Nov 2018 09:27:15 -0500
-
perl (5.18.2-2ubuntu1.6) trusty-security; urgency=medium
  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015
 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 17:00:53 -0300
-
perl (5.18.2-2ubuntu1.4) trusty-security; urgency=medium
  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913
 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 12:49:25 -0400
-
perl (5.18.2-2ubuntu1.3) trusty-security; urgency=medium
  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837
 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 08:42:39 -0300
-
perl (5.18.2-2ubuntu1.1) trusty-security; urgency=medium
  * SECURITY UPDATE: denial of service via regular expression invalid
    backreference
    - debian/patches/fixes/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/fixes/CVE-2014-4330.patch: limit recursion in
      MANIFEST, dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
      dist/Data-Dumper/t/recurse.t.
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
      environment variables from environ in perl.c.
    - CVE-2016-2381
 -- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 07:32:17 -0500
-
perl (5.18.2-2ubuntu1) trusty; urgency=medium
  * Fix undefined behaviour in sv.c, resulting in test failures when
    built with GCC 4.9. Patch by Marek Polacek.
 -- Matthias Klose <email address hidden> Tue, 25 Mar 2014 17:52:36 +0100
-
perl (5.18.2-2) unstable; urgency=medium
  [ Niko Tyni ]
  * Update debian/copyright to include the year 2013.
  [ Dominic Hargreaves ]
  * Upload to unstable
 -- Dominic Hargreaves <email address hidden> Tue, 14 Jan 2014 19:47:33 +0000
-
perl (5.18.1-5) unstable; urgency=medium
  [ Dominic Hargreaves ]
  * Revert patches disabling GNU/Hurd tests which now succeed:
    - debian/hurd_net_ping_disable_test.diff (Closes: #709385)
    - debian/hurd_test_skip_io_pipe.diff (Closes: #650096)
    - debian/hurd_test_skip_pipe.diff (Closes: #650187)
    - debian/hurd_test_skip_sigdispatch.diff (Closes: #650188)
    - debian/hurd_test_todo_syslog.diff (Closes: #650093)
  * Various tidying of Copyright file in line with Lintian's suggestions
  * Override Lintian tag spelling-error-in-copyright for an upstream error
  * Override Lintian tag empty-binary-package for libperl5.18 as it
    is a dummy package on some architectures
  [ Niko Tyni ]
  * Include upstream fix for regex \8 and \9 after literals.
    (Closes: #731365)
  * Fix spelling of IPC_CREAT in IPC-SysV documentation. (Closes: #730558)
 -- Niko Tyni <email address hidden> Fri, 06 Dec 2013 20:05:55 +0200
-
perl (5.18.1-4build1) trusty; urgency=low
  * No change rebuild against db 5.3.
 -- Dmitrijs Ledkovs <email address hidden> Fri, 01 Nov 2013 23:52:36 +0000
-
perl (5.18.1-4) unstable; urgency=low
  * Add Breaks on versions of libcommon-sense-perl which were built
    with earlier version of perl (Closes: #722460)
  * Add Module::Metadata fix for use in taint mode (Closes: #722210)
  * Update Lintian override for wrong-path-for-interpreter false
    positive
 -- Dominic Hargreaves <email address hidden> Wed, 11 Sep 2013 23:30:25 +0100
-
perl (5.14.2-21build1) saucy; urgency=low
  * No change rebuild.
 -- Matthias Klose <email address hidden> Thu, 18 Jul 2013 23:41:05 +0200