Your message dated Sat, 30 May 2026 13:48:45 +0000
with message-id <[email protected]>
and subject line Bug#1138273: fixed in libcpanel-json-xs-perl 4.41-1
has caused the Debian Bug report #1138273,
regarding libcpanel-json-xs-perl: CVE-2026-9334 CVE-2026-9516
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138273
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcpanel-json-xs-perl
Version: 4.40-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for libcpanel-json-xs-perl.
CVE-2026-9334[0]:
| dupkeys_as_arrayref type confusion
CVE-2026-9516[1]:
| BOM-shift PV-corruption SIGABRT
Gregor, both are fixed in the new upstream version 4.41.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-9334
https://www.cve.org/CVERecord?id=CVE-2026-9334
https://github.com/rurban/Cpanel-JSON-XS/commit/11a7c550a0d8fac2f84414f24d5df9b2bfe346e2
[1] https://security-tracker.debian.org/tracker/CVE-2026-9516
https://www.cve.org/CVERecord?id=CVE-2026-9516
https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcpanel-json-xs-perl
Source-Version: 4.41-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcpanel-json-xs-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libcpanel-json-xs-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 30 May 2026 15:32:44 +0200
Source: libcpanel-json-xs-perl
Architecture: source
Version: 4.41-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1138273
Changes:
libcpanel-json-xs-perl (4.41-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 4.41.
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
- Fix incr_parse single-quote string delimiter (GH #245)
- Fix a one-byte out-of-bounds heap read reachable via allow_barekey on
truncated input (GH #244)
Closes: #1138273
* Declare compliance with Debian Policy 4.7.4.
Checksums-Sha1:
2d5f36047ea48b547725be8fe26aa47293c6c9f1 2591 libcpanel-json-xs-perl_4.41-1.dsc
437a91a4cbbae33f67881a909bcd670e5989581e 263443
libcpanel-json-xs-perl_4.41.orig.tar.gz
bc5ecfd2d33a3be8c028f7c76f519e902ae10818 4316
libcpanel-json-xs-perl_4.41-1.debian.tar.xz
Checksums-Sha256:
db790f7ad9f39d3b575e8e691a3c0c583583e207cd9e9a2aba73a3a6c08ab927 2591
libcpanel-json-xs-perl_4.41-1.dsc
fd5194307aa195bb0acbca52c2026c3ecaa5334d27e08e379dc78631718e9d53 263443
libcpanel-json-xs-perl_4.41.orig.tar.gz
c88dc4810966f09d0cff2ec9ee906c7fbdbc2f809a805137f0a478637df151c0 4316
libcpanel-json-xs-perl_4.41-1.debian.tar.xz
Files:
5fee7fd741c69790e48f7258deaa455e 2591 perl optional
libcpanel-json-xs-perl_4.41-1.dsc
66ab72ca5f96e271c59080575f6ad0e1 263443 perl optional
libcpanel-json-xs-perl_4.41.orig.tar.gz
fd0244004482308c59bfea3d129baead 4316 perl optional
libcpanel-json-xs-perl_4.41-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmoa56VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgYpPRAAmHcwUJ5c29iikH/XMBSlJ4Ls2ElVvTkc2LllfgTIkvN8CcD1QCkO3xhs
rgxLXfUKKNyN8Gk7qGqaVkOT3eQ2+eS8jy6sdmcOwhyANamZ6C7/BFEwyvKwpa33
e+lFqY390J7wwdWRMvp0Glg/JkaF9dUQpo1lLdEjS73p1LtuVFE8AQSHemOiXVc8
Zxa0iOcxTkpHIHkefW+XX5/xRgah7wGQYCZQ9NJCN1rLVdtVwlcj2DZoC1+nNklq
f/vNBO03yfTkeDJ40oAsZYV1THoBLHq4GNGwmay/XLE3Y98dnYrG7krcniq/+hTk
q2OnNejyspj2g3dcwDZ12zPE3uJeD6o7lyXtBplc9kJTrI7ovAPMuHOqJD3KKTfL
YjrOpfkL27ckbbksNXcWA9Lj1b2FZU1PQHO78hrAKsZrdH9vbi7ytk2GFjsORB1p
M/Cc76uu6xfSww1q8qlTWMMqmqqO8olqjH9LjgiecRvMaR4pFRe/NQd8nIGvak/d
oDn4tyF1CRz+Zh1iCMZbC0jLMs3C5VcpE7Od9RawVPRulj+zPFFrLRdGgNw9sc6D
WYHetMUZokPijQjZBDushGXOOGJSlnlKUfZCyO9J2CPauCX7m9zHTHHdifT2qM9B
hQ0RMLu3ExiqiE6qu+ECEfLtIFSKCkKNMpstGsHvGsXnxeKcJOI=
=KvOA
-----END PGP SIGNATURE-----
pgpV8yAEfZ1v4.pgp
Description: PGP signature
--- End Message ---
