Bug#836138: perl: break libencode-perl (<< 2.86-1) or so
Niko Tyni
ntyni at debian.org
Tue Aug 30 20:48:03 UTC 2016
Package: perl
Version: 5.22.2-3
The version of Encode bundled in the perl package has fixes for
CVE-2016-1238 that were only added in the separate libencode-perl package
in 2.86-1 (upstream version 2.86). See #835984.
The perl side therefore needs to Break libencode-perl (<< 2.86-1), or
perhaps (<< 2.86~) though I'm not sure where that would matter, to make
sure installing an earlier separately packaged version will not override
the fixes in the core version.
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list