Package "perl"
Name: perl
Description: Larry Wall's Practical Extraction and Report Language
Latest version: 5.22.1-9ubuntu0.9
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://dev.perl.org/perl5/
Changelog
perl (5.22.1-9ubuntu0.9) xenial-security; urgency=medium
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.
 -- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:57:56 -0400
CVE-2020-10543: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l
CVE-2020-12723: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium
  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
    - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
    - CVE-2018-18312
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
      pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
      t/re/reg_mesg.t, t/re/regex_sets.t.
    - CVE-2018-18314
 -- Marc Deslauriers <email address hidden> Mon, 19 Nov 2018 13:29:35 -0500
perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium
  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015
 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:30:44 -0300
CVE-2018-12015: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary
perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap write overflow bug
    - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
      to uni rules within the node and encounter a sharp S in regcomp.c.
    - CVE-2018-6797
  * SECURITY UPDATE: heap read overflow bug
    - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
      regexec.c, t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
      target in regexec.c, t/re/re_tests.
    - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
      t/lib/warnings/regexec.
    - CVE-2018-6798
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913
 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 08:48:47 -0400
CVE-2016-6185: The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
CVE-2018-6798: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
CVE-2018-6913: heap-buffer-overflow in S_pack_rec
perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium
  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837
 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 11:39:06 -0300
CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to