perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

perl (5.14.2-6ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313

perl (5.14.2-6ubuntu2.8) precise-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

perl (5.14.2-6ubuntu2.7) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

perl (5.14.2-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883

Date: 2020-10-26 16:40:14.020698+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.11
Sorry, changesfile not available.