[Git][security-tracker-team/security-tracker][master] Track fixed version for perl issues fixed via unstable upload

Salvatore Bonaccorso (@carnil) Sat, 06 Jun 2026 11:35:11 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ec0547f4 by Salvatore Bonaccorso at 2026-06-06T20:34:31+02:00
Track fixed version for perl issues fixed via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9487,7 +9487,7 @@ CVE-2026-46644 [insecure equivalence in 
symfony/polyfill-intl-idn for ASCII-only
        NOTE: 
https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
 CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute 
arbitrary code ...)
        - libio-compress-perl 2.220-1 (bug #1138055)
-       - perl <unfixed> (bug #1138854)
+       - perl 5.40.1-8 (bug #1138854)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610
 (v2.220)
 CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a 
zipdetai ...)
@@ -9495,18 +9495,18 @@ CVE-2026-48961 (IO::Compress versions from 2.207 before 
2.220 for Perl ship a zi
        [trixie] - libio-compress-perl <no-dsa> (Minor issue)
        [bookworm] - libio-compress-perl <not-affected> (Vulnerable code 
introduced later)
        [bullseye] - libio-compress-perl <not-affected> (Vulnerable code 
introduced later)
-       - perl <unfixed> (bug #1138855)
+       - perl 5.40.1-8 (bug #1138855)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434383/
        NOTE: Introduced with: 
https://github.com/pmqs/IO-Compress/commit/ddfe67584a228877e5d28840da75ff32e435a5e3
 (v2.207)
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7
 (v2.220)
 CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU 
exhaust ...)
        - libio-compress-perl 2.220-1 (bug #1138051)
-       - perl <unfixed> (bug #1138856)
+       - perl 5.40.1-8 (bug #1138856)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434381/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2
 (v2.220)
 CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate 
uncaugh ...)
        - libio-compress-perl 2.217-1
-       - perl <unfixed> (bug #1138863)
+       - perl 5.40.1-8 (bug #1138863)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434380/
        NOTE: https://github.com/pmqs/IO-Compress/issues/65
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8
 (v2.215)
@@ -11224,7 +11224,7 @@ CVE-2026-5091 (Catalyst::Plugin::Authentication 
versions through 0.10024 for Per
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40281889/
        NOTE: 
https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e
 (v0.10_025)
 CVE-2026-8376 (Perl versions through 5.43.10 have a heap buffer overflow when 
compili ...)
-       - perl <unfixed> (bug #1137345)
+       - perl 5.40.1-8 (bug #1137345)
        [trixie] - perl <no-dsa> (Minor issue; can be fixed in point release)
        [bookworm] - perl <no-dsa> (Minor issue; can be fixed in point release)
        [bullseye] - perl <postponed> (Minor issue; can be fixed in point 
release)
@@ -17468,7 +17468,7 @@ CVE-2026-7010 (HTTP::Tiny versions before 0.093 for 
Perl do not validate CRLF in
        - libhttp-tiny-perl 0.092-2
        [trixie] - libhttp-tiny-perl <no-dsa> (Minor issue)
        [bookworm] - libhttp-tiny-perl <no-dsa> (Minor issue)
-       - perl <unfixed> (bug #1138858)
+       - perl 5.40.1-8 (bug #1138858)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
        NOTE: Fixed by: 
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/d73c7651e82ace02693842df55928b6c3ae7c38d
 (release-0.093)
 CVE-2026-6146 (Amazon::Credentials versions through 1.2.0 for Perl uses rand 
to gener ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec0547f40acca3aace02e7b145ef565b315bc032

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec0547f40acca3aace02e7b145ef565b315bc032
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version for perl issues fixed via unstable upload

Reply via email to