Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aa45fe64 by Salvatore Bonaccorso at 2026-06-04T22:50:26+02:00
Add Debian bug references for perl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7733,7 +7733,7 @@ CVE-2026-48959 (IO::Uncompress::Unzip versions before
2.220 for Perl allow CPU e
NOTE: Fixed by:
https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2
(v2.220)
CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate
uncaugh ...)
- libio-compress-perl 2.217-1
- - perl <unfixed>
+ - perl <unfixed> (bug #1138863)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434380/
NOTE: https://github.com/pmqs/IO-Compress/issues/65
NOTE: Fixed by:
https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8
(v2.215)
@@ -8354,15 +8354,15 @@ CVE-2026-48715 [Stack Buffer Overflow in radvdump Route
Information Option Parse
NOTE:
https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
NOTE: Crash in CLI tool, no security impact
CVE-2026-9538 (Archive::Tar versions before 3.10 for Perl allow memory
exhaustion via ...)
- - perl <unfixed>
+ - perl <unfixed> (bug #1138861)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396448/
NOTE:
https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7
(3.10)
CVE-2026-42497 (Archive::Tar versions before 3.08 for Perl extract hardlinks
to attack ...)
- - perl <unfixed>
+ - perl <unfixed> (bug #1138859)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396457/
NOTE:
https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158
(3.08)
CVE-2026-42496 (Archive::Tar versions before 3.08 for Perl extract symlinks
with attac ...)
- - perl <unfixed>
+ - perl <unfixed> (bug #1138860)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396459/
NOTE:
https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158
(3.08)
CVE-2026-48589 (Apache Shiro\u2019s Jakarta EE module used the HTTP Referer
header in ...)
@@ -15664,7 +15664,7 @@ CVE-2026-7010 (HTTP::Tiny versions before 0.093 for
Perl do not validate CRLF in
- libhttp-tiny-perl 0.092-2
[trixie] - libhttp-tiny-perl <no-dsa> (Minor issue)
[bookworm] - libhttp-tiny-perl <no-dsa> (Minor issue)
- - perl <unfixed>
+ - perl <unfixed> (bug #1138858)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
NOTE: Fixed by:
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/d73c7651e82ace02693842df55928b6c3ae7c38d
(release-0.093)
CVE-2026-6146 (Amazon::Credentials versions through 1.2.0 for Perl uses rand
to gener ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa45fe64f7eb2fc3ff29914695ff9a9403fae000
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa45fe64f7eb2fc3ff29914695ff9a9403fae000
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
