[From nobody Sat Jun  6 18:35:16 2026
Date: Fri, 5 Jun 2026 19:57:51 +0300
From: Niko Tyni <ntyni@debian.org>
To: submit@bugs.debian.org
Subject: perl: overflow fixes for pack()
Message-ID: <aiMAD83WpG4VmVFg@app-dd>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian-User: ntyni
Delivered-To: submit@bugs.debian.org

Package: perl
Version: 5.40.1-6
Severity: normal
Tags: upstream fixed-upstream security
Forwarded: https://github.com/Perl/perl5/pull/24414
X-Debbugs-Cc: carnil@debian.org

Perl 5.44 will include a few overflow fixes for pack() that are also
going to be backported for point releases of 5.42, 5.40, and 5.38.
See https://github.com/Perl/perl5/issues/24445

Leon Timmermans recommended that we include them too. I'll push them to
the 5.40 sid+forky and 5.42 experimental packages at least.  Not sure
yet if we want them in stable (5.40) or oldstable (5.36) as well.

AIUI the security impact is moderate or low and they are only problems for
badly written XS code. Copying Salvatore anyway just in case.
-- 
Niko Tyni	ntyni@debian.org
]