perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

perl (5.14.2-6ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313

perl (5.14.2-6ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

perl (5.14.2-6ubuntu2.7) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

perl (5.14.2-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883

Date: 2020-10-26 16:40:14.020698+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.11
Sorry, changesfile not available.