[Git][security-tracker-team/security-tracker][master] Split perl part of CVE-2026-3381 into new dedicated CVE-2026-4176

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 30 04:58:52 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b21cb2b5 by Salvatore Bonaccorso at 2026-03-30T05:58:14+02:00
Split perl part of CVE-2026-3381 into new dedicated CVE-2026-4176

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12930,13 +12930,16 @@ CVE-2026-2219 (It was discovered that dpkg-deb (a component of dpkg, the Debian
 	[bullseye] - dpkg <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced with: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2c2f7066bd8c3209762762fa6905fa567b08ca5a (1.21.18)
 	NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313 (1.23.6)
+CVE-2026-4176
+	- perl 5.10.0-21
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38393284/
+	NOTE: Since perl/5.10.0-20 (in experimental) the packaging uses the system zlib library.
+	NOTE: The CVE is assigned for the embedded use of zlib to address CVE-2026-27171.
 CVE-2026-3381 (Compress::Raw::Zlib versions through 2.219 for Perl use potentially in ...)
 	- libcompress-raw-zlib-perl 2.011-2
-	- perl 5.10.0-21
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/37638919/
-	NOTE: Since libcompress-raw-zlib-perl/2.011-2 and perl/5.10.0-20 (in experimental) the
-	NOTE: packaging uses the system zlib library. The CVE is assigned for the embedded use
-	NOTE: of zlib to address CVE-2026-27171.
+	NOTE: Since libcompress-raw-zlib-perl/2.011-2 the packaging uses the system zlib library.
+	NOTE: The CVE is assigned for the embedded use of zlib to address CVE-2026-27171.
 CVE-2026-3257 (UnQLite versions through 0.06 for Perl uses a potentially insecure ver ...)
 	NOT-FOR-US: UnQLite Perl module
 CVE-2025-40931 (Apache::Session::Generate::MD5 versions through 1.94 for Perl create i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21cb2b5091ee1f6ace22c4abb914b7f35f2398f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21cb2b5091ee1f6ace22c4abb914b7f35f2398f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260330/46cde52e/attachment.htm>

More information about the debian-security-tracker-commits mailing list