Package "perl-base"

| Name: | perl-base |
| Description: | minimal Perl system |
| Latest version: | 5.30.0-9ubuntu0.5 |
| Release: | focal (20.04) |
| Level: | security |
| Repository: | main |
| Head package: | perl |
| Homepage: | http://dev.perl.org/perl5/ |

Changelog

perl (5.30.0-9ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: heap overflow via regular expression
    - debian/patches/CVE-2023-47038.patch: fix read/write past buffer end
      in regcomp.c, t/re/pat_advanced.t.
    - CVE-2023-47038

 -- Marc Deslauriers <email address hidden>  Thu, 23 Nov 2023 10:02:19 -0500

| CVE-2023-47038 | Write past buffer end via illegal user-defined Unicode property |

perl (5.30.0-9ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module
    - debian/patches/CVE-2023-31484.patch: add verify_SSL=>1 to HTTP::Tiny to
      verify https server identity.
    - CVE-2023-31484
  * debian/patches/fix-ext-POSIX-t-mb-test.patch: fix edge case test failure
    in ext/POSIX/t/mb.t.

 -- Camila Camargo de Matos <email address hidden>  Tue, 23 May 2023 14:17:48 -0300

| CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |

perl (5.30.0-9ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Signature verification bypass
    - debian/patches/CVE-2020-16156-1.patch: signature
      verification type CANNOT_VERIFY was not recognized
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debia/patches/CVE-2020-16156-2.patch: add two new failure modes
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-3.patch: use gpg
      to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
      three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-5.patch: disambiguate the call
      to gpg --output by adding --verify in
      cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-6.patch: corrects typo
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-7.patch: corrects typo
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - CVE-2020-16156

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 05 Oct 2022 07:27:25 -0300

perl (5.30.0-9ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-10878-1.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - debian/patches/fixes/CVE-2020-10878-2.patch: use long jumps if there
      is any possibility of overflow in regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723

 -- Marc Deslauriers <email address hidden>  Mon, 19 Oct 2020 06:56:54 -0400

| CVE-2020-10543 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. |
| CVE-2020-10878 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l |
| CVE-2020-12723 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |