UbuntuUpdates.org

Package "libperl-dev"

Name: libperl-dev

Description:

Perl library: development files
Latest version: 5.34.0-5ubuntu1.1
Release: kinetic (22.10)
Level: security
Repository: main
Head package: perl
Homepage: http://dev.perl.org/perl5/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libperl-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libperl-dev" in Kinetic

Repository Area Version
base main 5.34.0-5ubuntu1
updates main 5.34.0-5ubuntu1.1

Changelog

Version: 5.34.0-5ubuntu1.1 2022-11-28 18:06:21 UTC

  perl (5.34.0-5ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Signature verification bypass
    - debian/patches/CVE-2020-16156-1.patch: signature
      verification type CANNOT_VERIFY was not recognized
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debia/patches/CVE-2020-16156-2.patch: add two new failure modes
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-3.patch: use gpg
      to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
      three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-5.patch: disambiguate the call
      to gpg --output by adding --verify in
      cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-6.patch: corrects typo
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - debian/patches/CVE-2020-16156-7.patch: corrects typo
      in cpan/CPAN/lib/CPAN/Distribution.pm.
    - CVE-2020-16156

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 04 Oct 2022 09:36:22 -0300
CVE-2020-16156 CPAN 2.28 allows Signature Verification Bypass.


About   -   Send Feedback to @ubuntu_updates