Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
226a207f by Salvatore Bonaccorso at 2026-06-05T23:09:30+02:00
Postpone some perl updates
But baseline is, Perl maintainer will first top-down address issues in
unstable, then propose what to do with trixie and then to ideally follow
as well below.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9963,14 +9963,20 @@ CVE-2026-48715 [Stack Buffer Overflow in radvdump Route
Information Option Parse
NOTE: Crash in CLI tool, no security impact
CVE-2026-9538 (Archive::Tar versions before 3.10 for Perl allow memory
exhaustion via ...)
- perl <unfixed> (bug #1138861)
+ [trixie] - perl <postponed> (Minor issue; wait for regressions upstream
sorted out)
+ [bookworm] - perl <postponed> (Minor issue; wait for regressions
upstream sorted out)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396448/
NOTE:
https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7
(3.10)
CVE-2026-42497 (Archive::Tar versions before 3.08 for Perl extract hardlinks
to attack ...)
- perl <unfixed> (bug #1138859)
+ [trixie] - perl <postponed> (Minor issue; wait for regressions upstream
sorted out)
+ [bookworm] - perl <postponed> (Minor issue; wait for regressions
upstream sorted out)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396457/
NOTE:
https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158
(3.08)
CVE-2026-42496 (Archive::Tar versions before 3.08 for Perl extract symlinks
with attac ...)
- perl <unfixed> (bug #1138860)
+ [trixie] - perl <postponed> (Minor issue; wait for regressions upstream
sorted out)
+ [bookworm] - perl <postponed> (Minor issue; wait for regressions
upstream sorted out)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396459/
NOTE:
https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158
(3.08)
CVE-2026-48589 (Apache Shiro\u2019s Jakarta EE module used the HTTP Referer
header in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a207fb00e6bd1b382bba69865c783c86f1ec4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a207fb00e6bd1b382bba69865c783c86f1ec4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
