-
perl (5.36.0-9ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: heap overflow via regular expression
- debian/patches/CVE-2023-47038.patch: fix read/write past buffer end
in regcomp.c, t/re/pat_advanced.t.
- CVE-2023-47038
-- Marc Deslauriers <email address hidden> Thu, 23 Nov 2023 09:53:16 -0500
-
perl (5.36.0-9ubuntu1) mantic; urgency=medium
* Merge with Debian; remaining changes:
- Fix for CVE-2023-31484.
perl (5.36.0-9) unstable; urgency=medium
* Build depend on libc6-dev (>= 2.37-8) on ppc64el for correct F_GETLK
et al. (See #1050592)
* Explicitly do not use strlcpy and strlcat from glibc 2.38 to keep
libperl5.36 symbols stable. (Closes: #1051427)
perl (5.36.0-8) unstable; urgency=medium
* Unbreak builds with the nodoc build profile. (See: #50091)
* Add cross build support files for hurd-amd64. (Closes: #1043394)
-- Matthias Klose <email address hidden> Tue, 12 Sep 2023 10:36:49 +0200
-
perl (5.36.0-7ubuntu3) mantic; urgency=medium
* Unconditionally use Perl_my_strlcat and Perl_my_strlcpy to avoid
an ABI break with glibc 2.38 (can be dropped with perl 5.38).
-- Matthias Klose <email address hidden> Thu, 07 Sep 2023 08:58:55 +0200
-
perl (5.36.0-7ubuntu2) mantic; urgency=medium
* Unconditionally use Perl_my_strlcat and Perl_my_strlcpy to avoid
an ABI break with glibc 2.38 (can be dropped with perl 5.38).
-- Matthias Klose <email address hidden> Thu, 07 Sep 2023 08:58:55 +0200
-
perl (5.36.0-7ubuntu1) mantic; urgency=medium
* SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
- debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
verify https server identity.
- CVE-2023-31484
-- Camila Camargo de Matos <email address hidden> Tue, 23 May 2023 14:20:48 -0300
-
perl (5.36.0-7) unstable; urgency=medium
* Break backuppc (<< 4.4.0-7~) due to Data::Dumper changes in 5.36
(Closes: #1026270)
-- Niko Tyni <email address hidden> Sun, 08 Jan 2023 23:28:47 +0200