[From nobody Sat Jun 6 18:35:15 2026 Received: (at submit) by bugs.debian.org; 5 Jun 2026 17:01:58 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-118.5 required=4.0 tests=ALL_TRUSTED,BAYES_00, BODY_INCLUDES_PACKAGE,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,FROMDEVELOPER,HAS_PACKAGE, SPF_HELO_NONE,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 6; hammy, 141; neutral, 30; spammy, 0. spammytokens: hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin, 0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311, 0.000-+--H*RT:311, 0.000-+--H*RT:108 Return-path: <ntyni@debian.org> Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]:49864) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <ntyni@debian.org>) id 1wVXvi-001FIU-26 for submit@bugs.debian.org; Fri, 05 Jun 2026 17:01:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.stravinsky; h=X-Debian-User:Content-Type:MIME-Version:Message-ID: Subject:To:From:Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:In-Reply-To:References; bh=nCurN1A49qh0GiZrjrFpTOyWb6nfXYhl4YLU7WSZENo=; b=XEMzYW2SC9yjXImPVeGNG3+Lb7 QcsBidX8BN6eQw2Gze0tB9/UTQW853uRZ8i5PCjUR0mZN9hdSdNNyob7KwYMFt5JRq45Q9LvvCs8c IxIEMq8l3dEoliIamiAyFdNZpsSRWGbSATvoHNevptpXRySBM28A87rqbBpCn2ocNygyR9uj3TttE bpYQsTPhHT4yuj4eU9YpYtwsLHYwIMrv3dPASkNCmGCUSqye6EknVrW8BHiF3f9+aSeyYC1S4Gr+k nmr+oSlj7aaHFKZ1hkhwbrqhx8qnVIccw+zDbTs4qmbyL+rd2FYZEbJLqBVoWW8OKVs44aTjO6I1F YSuIQkxg==; Received: from authenticated-user by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <ntyni@debian.org>) id 1wVXvg-005RMT-33 for submit@bugs.debian.org; Fri, 05 Jun 2026 17:01:57 +0000 Date: Fri, 5 Jun 2026 20:01:55 +0300 From: Niko Tyni <ntyni@debian.org> To: submit@bugs.debian.org Subject: perl: overflow fix for Storable Message-ID: <aiMBAxOd6_yp87EY@app-dd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Debian-User: ntyni Delivered-To: submit@bugs.debian.org Package: perl Version: 5.40.1-6 Severity: normal Tags: upstream fixed-upstream security Forwarded: https://github.com/Perl/perl5/pull/24413 X-Debbugs-Cc: carnil@debian.org Perl 5.44 will include a potential overflow fix for the Storable module that is also going to be backported for point releases of 5.42, 5.40, and 5.38. See https://github.com/Perl/perl5/issues/24445 Leon Timmermans recommended that we include this too. I'll push it to the 5.40 sid+forky and 5.42 experimental packages at least. Not sure yet if we want them in stable (5.40) or oldstable (5.36) as well. AIUI the security impact is moderate or low and this is only a problem for badly written XS code. Copying Salvatore anyway just in case. -- Niko Tyni ntyni@debian.org ]