Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:libtext-csv-xs-perl User: [email protected] Usertags: pu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 In coordination with the security team, I've uploaded libtext-csv-xs-perl/1.60-1+deb13u1 to trixie in order to fix https://security-tracker.debian.org/tracker/CVE-2026-7111 aka #1135232 | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when | registered callbacks extend the Perl argument stack, which may enable | type confusion or memory corruption. … The fix is 1 quilt patch, taken from the respective uptream commit (also included in the 1.62 upstream release, aka tested in the wild), which is also already in unstable. Find attached the complete debdiff against the version in trixie. Thanks in advance, gregor -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmn7ep1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgb4Sw//ckWUm+rojfX9peN3hUjtA5DFqwN4LCBgwAklj5gDkzwbgnQuFuV6SHlL 38kWtqQuxRLAQg6lkcngV6M3J1I0f/fnJgGuRtDF463NKc0xo+iQqEYJc6VYy6U1 dFYRRE/z/WYgFfxS1h9A4Gxc4isIXVtn5omZNCeEHXII4fQk8DmFan/eWwGc7cZh nmBzBwQ4HTZD7kVJ4OHK9BRU12yj+bpJdtnm2gyP7PCiW03xUpkLDZVJvWZfSO+e 8DOVFlXeS3qX7uvSqdqQTMFJnOZ0by/kKdILDeQD8yHkB1+31CDvOcL+YWPjd184 CTLEhD+TrRK1HpOa954FUEYVlquLfct/YfFDA/PmDyZSz9QfCiMmkQgEnL02Bcpw LBOvtvFDgl1MTC2pvt7rKMzx2xnGwSy6aYo9C+sEOS1JbT2lj0WlR0hkZE1kWCh1 g/wyBC8AU3QRUQhsEtvkGkr6lbvsYO+j6pCsIOEBr5nBjR+k+FdIGp84Vx01L/v1 Fk+a3gFXOFBsbtILCrFMyT+m41G8epbBr6D+aXoZFnp/jPxX0+RxA7touxsEi8pQ Odr+8GCHS924RPa/syuUAvwi0w6q27EQltLQNppb59ID2Yztf/bOthskvGLehwqp HiE8natvdAyTrHYFIAZWb9WD4x2BIbWKFRsx0by0jqNEDavsMhc= =npYS -----END PGP SIGNATURE-----
diff -Nru libtext-csv-xs-perl-1.60/debian/changelog libtext-csv-xs-perl-1.60/debian/changelog
--- libtext-csv-xs-perl-1.60/debian/changelog 2025-02-02 02:20:05.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/changelog 2026-05-06 17:02:23.000000000 +0200
@@ -1,3 +1,11 @@
+libtext-csv-xs-perl (1.60-1+deb13u1) trixie; urgency=medium
+
+ * Fix possible stack corruption: CVE-2026-7111.
+ Patch taken from upstream Git commit, as released in 1.62.
+ (Closes: #1135232)
+
+ -- gregor herrmann <[email protected]> Wed, 06 May 2026 17:02:23 +0200
+
 libtext-csv-xs-perl (1.60-1) unstable; urgency=medium
 
 * Import upstream version 1.60.
diff -Nru libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch
--- libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch 1970-01-01 01:00:00.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch 2026-05-06 17:02:23.000000000 +0200
@@ -0,0 +1,114 @@
+From c17f31a5f2bf36674748eb4b6e25672f0571a224 Mon Sep 17 00:00:00 2001
+From: "H.Merijn Brand - Tux" <[email protected]>
+Date: Sat, 25 Apr 2026 16:18:57 +0200
+Subject: [PATCH] Fix possible stack corruption (thanks leont) (issue 65)
+
+SPAGAIN required if callbacks can extend the stack
+
+
+Bug: https://github.com/cpan-authors/Text-CSV_XS/issues/65
+Bug-Debian: https://bugs.debian.org/1135232
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-7111
+
+
+---
+ CSV_XS.xs | 36 ++++++++++++++++++------------------
+ ChangeLog | 1 +
+ cpanfile | 2 +-
+ sandbox/issue-65.pl | 41 ++++++++++++++++++++++++++++++++++++++---
+ 4 files changed, 58 insertions(+), 22 deletions(-)
+
+diff --git a/CSV_XS.xs b/CSV_XS.xs
+index f89859e..c348f83 100644
+--- a/CSV_XS.xs
++++ b/CSV_XS.xs
+@@ -122,6 +122,12 @@ static unsigned char ec, ebcdic2ascii[256] = {
+ croak ("self is not a hash ref"); \
+ hv = (HV *)SvRV (self)
+
++#define undef &PL_sv_undef
++#define PUT_RETURN(x) \
++ SPAGAIN; \
++ ST (0) = x; \
++ XSRETURN (1)
++
+ /* Keep in sync with .pm! */
+ #define CACHE_ID_quote_char 0
+ #define CACHE_ID_escape_char 1
+@@ -2603,7 +2609,7 @@ BOOT:
+ Perl_load_module (aTHX_ PERL_LOADMOD_NOIMPORT, newSVpvs ("IO::Handle"), NULL, NULL, NULL);
+
+ void
+-SetDiag (SV *self, int xse, ...)
++SetDiag (SV *self, int xse, SV *line = undef)
+
+ PPCODE:
+ HV *hv;
+@@ -2619,8 +2625,8 @@ SetDiag (SV *self, int xse, ...)
+ ST (0) = sv_2mortal (SvDiag (xse));
+ }
+
+- if (xse && items > 2 && SvPOK (ST (2))) {
+- sv_setpvn (ST (0), SvPVX (ST (2)), SvCUR (ST (2)));
++ if (xse && SvPOK (line)) {
++ sv_setpvn (ST (0), SvPVX (line), SvCUR (line));
+ SvIOK_on (ST (0));
+ }
+
+@@ -2670,8 +2676,8 @@ Parse (SV *self, SV *src, SV *fields, SV *fflags)
+ av = (AV *)SvRV (fields);
+ avf = (AV *)SvRV (fflags);
+
+- ST (0) = xsParse (self, hv, av, avf, src, 0) ? &PL_sv_yes : &PL_sv_no;
+- XSRETURN (1);
++ int x = xsParse (self, hv, av, avf, src, 0);
++ PUT_RETURN (x ? &PL_sv_yes : &PL_sv_no);
+ /* XS Parse */
+
+ void
+@@ -2691,8 +2697,8 @@ print (SV *self, SV *io, SV *fields)
+ av = (AV *)SvRV (fields);
+ }
+
+- ST (0) = xsCombine (self, hv, av, io, 1) ? &PL_sv_yes : &PL_sv_no;
+- XSRETURN (1);
++ int x = xsCombine (self, hv, av, io, 1);
++ PUT_RETURN (x ? &PL_sv_yes : &PL_sv_no);
+ /* XS print */
+
+ void
+@@ -2706,26 +2712,20 @@ getline (SV *self, SV *io)
+ CSV_XS_SELF;
+ av = newAV ();
+ avf = newAV ();
+- ST (0) = xsParse (self, hv, av, avf, io, 1)
+- ? sv_2mortal (newRV_noinc ((SV *)av))
+- : &PL_sv_undef;
+- XSRETURN (1);
++ int x = xsParse (self, hv, av, avf, io, 1);
++ PUT_RETURN (x ? sv_2mortal (newRV_noinc ((SV *)av)) : undef);
+ /* XS getline */
+
+ void
+-getline_all (SV *self, SV *io, ...)
++getline_all (SV *self, SV *io, SV *offset = undef, SV *length = undef)
+
+ PPCODE:
+ HV *hv;
+- SV *offset, *length;
+
+ CSV_XS_SELF;
+
+- offset = items > 2 ? ST (2) : &PL_sv_undef;
+- length = items > 3 ? ST (3) : &PL_sv_undef;
+-
+- ST (0) = xsParse_all (self, hv, io, offset, length);
+- XSRETURN (1);
++ SV *x = xsParse_all (self, hv, io, offset, length);
++ PUT_RETURN (x);
+ /* XS getline_all */
+
+ void
+-- 
+2.53.0
+
diff -Nru libtext-csv-xs-perl-1.60/debian/patches/series libtext-csv-xs-perl-1.60/debian/patches/series
--- libtext-csv-xs-perl-1.60/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/patches/series 2026-05-06 17:02:23.000000000 +0200
@@ -0,0 +1 @@
+0001-Fix-possible-stack-corruption.patch
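Review bot: `PUT_RETURN`, added in the first CSV_XS.xs hunk of 0001-Fix-possible-stack-corruption.patch, expands to three bare statements, so under an unbraced `if` only `SPAGAIN` would be conditional and `XSRETURN (1)` would always run; wrapping the body in `do { ... } while (0)` and writing `ST (0) = (x);` keeps it safe for later call sites. The fix also appears to rely on every caller finishing `xsParse`/`xsCombine`/`xsParse_all` into a local before the macro touches `ST (0)`, since those calls can run callbacks that extend the stack; nothing in the hunk records that invariant, and a comment above the macro such as `/* evaluate x into a local first: callbacks may move the Perl stack */` would keep a later edit from passing the call directly as the argument. Separately, `SetDiag` and `getline_all` change from `...` to fixed optional parameters, which presumably makes the generated XS glue reject extra arguments that were previously ignored; for a stable update it is worth confirming that no caller in the .pm passes more. The enclosing XS functions start and end outside the inner hunks, so other `ST (0)` assignments in the file cannot be checked from here.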

