[Git][security-tracker-team/security-tracker][master] Add cloned bugs for perl issues

Thu Jun 4 20:43:56 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a238a85b by Salvatore Bonaccorso at 2026-06-04T21:43:25+02:00
Add cloned bugs for perl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7700,7 +7700,7 @@ CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for ASCII-only
 	NOTE: https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
 CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute arbitrary code ...)
 	- libio-compress-perl 2.220-1 (bug #1138055)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138854)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610 (v2.220)
 CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetai ...)
@@ -7708,13 +7708,13 @@ CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a zi
 	[trixie] - libio-compress-perl <no-dsa> (Minor issue)
 	[bookworm] - libio-compress-perl <not-affected> (Vulnerable code introduced later)
 	[bullseye] - libio-compress-perl <not-affected> (Vulnerable code introduced later)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138855)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434383/
 	NOTE: Introduced with: https://github.com/pmqs/IO-Compress/commit/ddfe67584a228877e5d28840da75ff32e435a5e3 (v2.207)
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7 (v2.220)
 CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ...)
 	- libio-compress-perl 2.220-1 (bug #1138051)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138856)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434381/
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2 (v2.220)
 CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaugh ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a238a85b49bf62c37bf40f5e54615f97c7883271

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a238a85b49bf62c37bf40f5e54615f97c7883271
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260604/424c56b4/attachment.htm>
