[Git][security-tracker-team/security-tracker][master] Add Debian bug references for perl issues

Thu Jun 4 21:52:03 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa45fe64 by Salvatore Bonaccorso at 2026-06-04T22:50:26+02:00
Add Debian bug references for perl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7733,7 +7733,7 @@ CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU e
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2 (v2.220)
 CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaugh ...)
 	- libio-compress-perl 2.217-1
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138863)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434380/
 	NOTE: https://github.com/pmqs/IO-Compress/issues/65
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8 (v2.215)
@@ -8354,15 +8354,15 @@ CVE-2026-48715 [Stack Buffer Overflow in radvdump Route Information Option Parse
 	NOTE: https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
 	NOTE: Crash in CLI tool, no security impact
 CVE-2026-9538 (Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138861)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396448/
 	NOTE: https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7 (3.10)
 CVE-2026-42497 (Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138859)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396457/
 	NOTE: https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158 (3.08)
 CVE-2026-42496 (Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138860)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396459/
 	NOTE: https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158 (3.08)
 CVE-2026-48589 (Apache Shiro\u2019s Jakarta EE module used the HTTP Referer header in  ...)
@@ -15664,7 +15664,7 @@ CVE-2026-7010 (HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in
 	- libhttp-tiny-perl 0.092-2
 	[trixie] - libhttp-tiny-perl <no-dsa> (Minor issue)
 	[bookworm] - libhttp-tiny-perl <no-dsa> (Minor issue)
-	- perl <unfixed>
+	- perl <unfixed> (bug #1138858)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
 	NOTE: Fixed by: https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/d73c7651e82ace02693842df55928b6c3ae7c38d (release-0.093)
 CVE-2026-6146 (Amazon::Credentials versions through 1.2.0 for Perl uses rand to gener ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa45fe64f7eb2fc3ff29914695ff9a9403fae000

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa45fe64f7eb2fc3ff29914695ff9a9403fae000
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260604/eeaed000/attachment-0001.htm>
