[From nobody Sat Jun 6 18:35:13 2026 Received: (at 1138856-close) by bugs.debian.org; 6 Jun 2026 17:33:52 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 11; hammy, 150; neutral, 204; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:50154) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wVuu8-0046lR-1x for 1138856-close@bugs.debian.org; Sat, 06 Jun 2026 17:33:52 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wVuu8-008l2X-18 for 1138856-close@bugs.debian.org; Sat, 06 Jun 2026 17:33:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=BWCfVHWoHQbm1D50J+f2w2PCI2ku4ooco2gZeSk+h3A=; b=GSfJmcKaVMSbmtR0P7n5WOHTlW 4lYRLq7pwPBoXV4Oo90jeODi3YwJxYA7vX0WszMCOI2B+mI4u8n1oPBe7wvhdbD5cV6AaZqIHbcgd +yo//vbzcNdG5DXzegLf4W4fNKLgDjd4mi+WgcJDB0Vzw8yg7kjM6w/lQaYQTM6RFAp/hIJY1nSXT XYNQOgSC3hWNAHGwi9Dt1TGOkB7JEbk5jnC36pY6CLrItUzxZ4TjuRqLXWGX1W7EnX9yQ7CQqFHFH g5yBZXInheWM2R3zDE5jd7vJsq6NrdzTD3u9WWMdxVWJs8EqjqDLPS/Cj/Y0tgtRvV012EPi76cTu PobWx/4A==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wVuu7-00000008btv-2KUj; Sat, 06 Jun 2026 17:33:51 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Niko Tyni <ntyni@debian.org> To: 1138856-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: perl Debian: DAK Debian-Changes: perl_5.40.1-8_source.changes Debian-Source: perl Debian-Version: 5.40.1-8 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1138856: fixed in perl 5.40.1-8 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============5860623704627595632==" Message-Id: <E1wVuu7-00000008btv-2KUj@fasolo.debian.org> Date: Sat, 06 Jun 2026 17:33:51 +0000 --===============5860623704627595632== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: perl Source-Version: 5.40.1-8 Done: Niko Tyni <ntyni@debian.org> We believe that the bug you reported is fixed in the latest version of perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1138856@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niko Tyni <ntyni@debian.org> (supplier of updated perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Format: 1.8 Date: Sat, 06 Jun 2026 17:22:29 +0300 Source: perl Architecture: source Version: 5.40.1-8 Distribution: unstable Urgency: medium Maintainer: Niko Tyni <ntyni@debian.org> Changed-By: Niko Tyni <ntyni@debian.org> Closes: 1137345 1138854 1138855 1138856 1138858 1138863 1138905 1138906 Changes: perl (5.40.1-8) unstable; urgency=3Dmedium . * [SECURITY] backport various fixes from upstream: + CVE-2025-15649: header parsing in IO::Uncompress::Unzip. (Closes: #1138863) + CVE-2026-7010: CRLF-validation in HTTP::Tiny. (Closes: #1138858) + CVE-2026-8376: Buffer overflow in Perl_study_chunk. (Closes: #1137345) + CVE-2026-48959: CPU exhaustion in IO::Uncompress::Unzip. (Closes: #1138856) + CVE-2026-48961: crash in zipdetails. (Closes: #1138855) + CVE-2026-48962: code execution in IO-Compress via output globs. (Closes: #1138854) + buffer overflows in pack(). (Closes: #1138905) + buffer overflow in Storable. (Closes: #1138906) Checksums-Sha1: feff9b43463d196f6744b2f51ab3094537900678 2372 perl_5.40.1-8.dsc a275dffed86a0d9a43dc87b7ffec3a03b8aab38d 179088 perl_5.40.1-8.debian.tar.xz efc987732ec29a37204e0cc26d43d761be2671d3 5338 perl_5.40.1-8_source.buildinfo Checksums-Sha256: 0df3684ddbed6c62651b8f682df33d2af54d47ee238958f30fa26ac066ee88d5 2372 perl_5= .40.1-8.dsc 621e16fec9e822ec835071aa3665ebd329142bcd270b86a6f9bb04cb94a1de08 179088 perl= _5.40.1-8.debian.tar.xz bbf2de68263b588b9b82209e60f9ed9704f7021ffa9b08fab2da43f9c9485b93 5338 perl_5= .40.1-8_source.buildinfo Files: d9d1456beca9bb3f5535b82405708bfe 2372 perl standard perl_5.40.1-8.dsc 46569b65055e962347a20985b9ec245a 179088 perl standard perl_5.40.1-8.debian.t= ar.xz ffcf467b4231949b678af8c4ae3651e3 5338 perl standard perl_5.40.1-8_source.bui= ldinfo -----BEGIN PGP SIGNATURE----- iKcEARMJAC8WIQTuZv2Xfg2x/uVxefeK/rNkDrE5sgUCaiRB+hEcbnR5bmlAZGVi aWFuLm9yZwAKCRCK/rNkDrE5st5SAX9cPTfxh8ivQ7d4IBnal//ySr/1+zI8TyyB J09rCB4SqkDM74u0tZtsSeIXuILCJ5UBgKav4TN0s0BVQ/Kv78fVzoAvLfYtm7dn nojCgyWR8Nw+dYy5Gg04H/JmVY8GWBMzpA=3D=3D =3DVizr -----END PGP SIGNATURE----- --===============5860623704627595632== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaiRZ/wAKCRCb9qggYcy5 IS5OAQCG3Syg9yK/ATgxfjxvX32bUrqCzxc2W3K5KmZTB2NexQD+KEPop5NaaYs0 qtEX6iddJQ8NlN2O3HmF0/IXIonCpg4= =9ich -----END PGP SIGNATURE----- --===============5860623704627595632==-- ]