Package "perl"
| Name: |
perl
|
Description: |
Larry Wall's Practical Extraction and Report Language
|
| Latest version: |
5.26.1-6ubuntu0.5 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
http://dev.perl.org/perl5/ |
Links
Download "perl"
Other versions of "perl" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
perl (5.26.1-6ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in regex compiler
- debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
from nested regex quantifiers in regcomp.c.
- CVE-2020-10543
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-10878.patch: extract
rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
- CVE-2020-10878
* SECURITY UPDATE: regex intermediate language state corruption
- debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
t/re/pat.t.
- CVE-2020-12723
* debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
failing in the year 2020 in cpan/Time-Local/t/Local.t.
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:57:24 -0400
|
| Source diff to previous version |
| CVE-2020-10543 |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. |
| CVE-2020-10878 |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l |
| CVE-2020-12723 |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |
|
|
perl (5.26.1-6ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow leading to buffer overflow
- debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
util.c.
- CVE-2018-18311
* SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
- debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
- CVE-2018-18312
* SECURITY UPDATE: Heap-buffer-overflow read
- debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
memchr in regcomp.c.
- CVE-2018-18313
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
t/lib/warnings/regcomp, t/re/reg_mesg.t, t/re/regex_sets.t.
- CVE-2018-18314
-- Marc Deslauriers <email address hidden> Mon, 19 Nov 2018 10:54:44 -0500
|
| Source diff to previous version |
|
|
|
perl (5.26.1-6ubuntu0.2) bionic; urgency=high
* No change rebuild to fix LP: #1574351
-- Balint Reczey <email address hidden> Wed, 18 Jul 2018 16:21:03 +0200
|
| Source diff to previous version |
| 1574351 |
package libperl5.22 5.22.1-9 failed to install/upgrade: trying to overwrite shared '/usr/share/doc/libperl5.22/changelog.Debian.gz', which is differe |
|
|
perl (5.26.1-6ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerability
- debian/patches/fixes/CVE-2018-12015.patch: fix ing
cpan/Archive-Tar/lib/Archive/Tar.pm.
- CVE-2018-12015
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:32:02 -0300
|
| CVE-2018-12015 |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary |
|
About
-
Send Feedback to @ubuntu_updates
