Package "perl-base"
Name: perl-base
Description: minimal Perl system
Latest version: 5.18.2-2ubuntu1.7
Release: trusty (14.04)
Level: updates
Repository: main
Head package: perl
Homepage: http://dev.perl.org/perl5/
Changelog
perl (5.18.2-2ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: Integer overflow leading to buffer overflow
- debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
util.c.
- CVE-2018-18311
* SECURITY UPDATE: Heap-buffer-overflow read
- debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
memchr in regcomp.c.
- CVE-2018-18313
-- Marc Deslauriers <email address hidden> Tue, 20 Nov 2018 09:27:15 -0500
perl (5.18.2-2ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerability
- debian/patches/fixes/CVE-2018-12015.patch: fix ing
cpan/Archive-Tar/lib/Archive/Tar.pm.
- CVE-2018-12015
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 17:00:53 -0300
CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary
perl (5.18.2-2ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: infinite loop via crafted utf-8 data
- debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
t/re/pat.t.
- debian/patches/fixes/CVE-2015-8853-2.patch: use
Perl_croak_nocontext() in regexec.c.
- CVE-2015-8853
* SECURITY UPDATE: arbitrary code exec via library in cwd
- debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
- CVE-2016-6185
* SECURITY UPDATE: race condition in rmtree and remove_tree
- debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
- debian/patches/fixes/CVE-2017-6512.patch: prevent race in
cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
- CVE-2017-6512
* SECURITY UPDATE: heap buffer overflow bug
- debian/patches/fixes/CVE-2018-6913.patch: fix various space
calculation issues in pp_pack.c, t/op/pack.t.
- CVE-2018-6913
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 12:49:25 -0400
CVE-2015-8853
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a de
CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6913
heap-buffer-overflow in S_pack_rec
perl (5.18.2-2ubuntu1.3) trusty-security; urgency=medium
* SECURITY UPDATE: Buffer overflow via crafted regular expression
- debian/patches/CVE-2017-12883.patch: fix crafted expression
with invalid '\N{U+...}' escape in regcomp.c
- CVE-2017-12883
* SECURITY UPDATE: heap-based buffer overflow in S_regatom
- debian/patches/CVE-2017-12837.patch: fix issue in regcomp.c
- CVE-2017-12837
-- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 08:42:39 -0300
CVE-2017-12883
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to
perl (5.18.2-2ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via regular expression invalid
backreference
- debian/patches/fixes/CVE-2013-7422.patch: properly handle big
backreferences in regcomp.c.
- CVE-2013-7422
* SECURITY UPDATE: denial of service in Data::Dumper
- debian/patches/fixes/CVE-2014-4330.patch: limit recursion in
MANIFEST, dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
dist/Data-Dumper/t/recurse.t.
- CVE-2014-4330
* SECURITY UPDATE: environment variable confusion issue
- debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
environment variables from environ in perl.c.
- CVE-2016-2381
-- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 07:32:17 -0500
CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to ex
CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (