Package "perl"
Name: |
perl
|
Description: |
Larry Wall's Practical Extraction and Report Language
|
Latest version: |
5.26.1-6ubuntu0.7 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
main |
Homepage: |
http://dev.perl.org/perl5/ |
Links
Download "perl"
Other versions of "perl" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
perl (5.26.1-6ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
- debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
verify https server identity.
- CVE-2023-31484
-- Camila Camargo de Matos <email address hidden> Tue, 23 May 2023 14:17:19 -0300
|
Source diff to previous version |
CVE-2023-31484 |
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
|
perl (5.26.1-6ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: Signature verification bypass
- debian/patches/CVE-2020-16156-1.patch: signature
verification type CANNOT_VERIFY was not recognized
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debia/patches/CVE-2020-16156-2.patch: add two new failure modes
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-3.patch: use gpg
to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-5.patch: disambiguate the call
to gpg --output by adding --verify in
cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-6.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-7.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- CVE-2020-16156
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 05 Oct 2022 07:49:22 -0300
|
Source diff to previous version |
|
perl (5.26.1-6ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in regex compiler
- debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
from nested regex quantifiers in regcomp.c.
- CVE-2020-10543
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-10878.patch: extract
rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
- CVE-2020-10878
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
t/re/pat.t.
- CVE-2020-12723
* debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
failing in the year 2020 in cpan/Time-Local/t/Local.t.
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:57:24 -0400
|
Source diff to previous version |
CVE-2020-10543 |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. |
CVE-2020-10878 |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l |
CVE-2020-12723 |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |
|
perl (5.26.1-6ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow leading to buffer overflow
- debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
util.c.
- CVE-2018-18311
* SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
- debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
- CVE-2018-18312
* SECURITY UPDATE: Heap-buffer-overflow read
- debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
memchr in regcomp.c.
- CVE-2018-18313
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
t/lib/warnings/regcomp, t/re/reg_mesg.t, t/re/regex_sets.t.
- CVE-2018-18314
-- Marc Deslauriers <email address hidden> Mon, 19 Nov 2018 10:54:44 -0500
|
Source diff to previous version |
|
perl (5.26.1-6ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerability
- debian/patches/fixes/CVE-2018-12015.patch: fix ing
cpan/Archive-Tar/lib/Archive/Tar.pm.
- CVE-2018-12015
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:32:02 -0300
|
CVE-2018-12015 |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary |
|
About
-
Send Feedback to @ubuntu_updates