Package "perl"

Name: perl


Larry Wall's Practical Extraction and Report Language

Latest version: 5.14.2-6ubuntu2.11
Release: precise (12.04)
Level: security
Repository: main


Download "perl"

Other versions of "perl" in Precise

Repository Area Version
base main 5.14.2-6ubuntu2
base universe 5.14.2-6ubuntu2
security universe 5.14.2-6ubuntu2.11
updates main 5.14.2-6ubuntu2.11
updates universe 5.14.2-6ubuntu2.11

Packages in group

Deleted packages are displayed in grey.


Version: 5.14.2-6ubuntu2.11 2021-05-03 14:07:17 UTC

  perl (5.14.2-6ubuntu2.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
    - CVE-2020-12723
  * debian/patches/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 26 Oct 2020 09:21:23 -0300

Source diff to previous version
CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l
CVE-2020-12723 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Version: 5.14.2-6ubuntu2.5 2016-03-02 14:07:37 UTC

  perl (5.14.2-6ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via regular expression invalid
    - debian/patches/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/CVE-2014-4330.patch: limit recursion in MANIFEST,
      dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/CVE-2016-2381.patch: remove duplicate environment
      variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 11:02:10 -0500

Source diff to previous version
CVE-2013-7422 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to ex
CVE-2014-4330 The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (

Version: 5.14.2-6ubuntu2.4 2014-02-05 19:06:26 UTC

  perl (5.14.2-6ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via _compile function in
    - debian/patches/CVE-2012-6329.patch: escape backslashes and reject
      method names with colons or apostrophes in
    - CVE-2012-6329
 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2014 16:02:26 -0500

Source diff to previous version
CVE-2012-6329 The _compile function in Maketext.pm in the Locale::Maketext ...

Version: 5.14.2-6ubuntu2.3 2013-03-19 19:07:06 UTC

  perl (5.14.2-6ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: algorithmic complexity attack on hash keys
    - debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
      in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
    - CVE-2013-1667
 -- Marc Deslauriers <email address hidden> Mon, 18 Mar 2013 10:48:33 -0400

Source diff to previous version

Version: 5.14.2-6ubuntu2.2 2012-11-30 03:07:14 UTC

  perl (5.14.2-6ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034)
    - CVE-2012-5195
  * SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping
    - CVE-2012-5526
 -- Seth Arnold <email address hidden> Mon, 26 Nov 2012 11:27:58 -0800

1069034 [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator
CVE-2012-5195 perl: segfaults when echoing a very long string
CVE-2012-5526 CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inje

About   -   Send Feedback to @ubuntu_updates