Accepted perl 5.42.2-2 (source) into experimental

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Jun 6 18:33:58 BST 2026 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Format: 1.8
Date: Sat, 06 Jun 2026 18:02:30 +0300
Source: perl
Architecture: source
Version: 5.42.2-2
Distribution: experimental
Urgency: medium
Maintainer: Niko Tyni <ntyni at debian.org>
Changed-By: Niko Tyni <ntyni at debian.org>
Closes: 1137345 1138854 1138855 1138856 1138858 1138863 1138905 1138906
Changes:
 perl (5.42.2-2) experimental; urgency=medium
 .
   * [SECURITY] backport various fixes from upstream:
     + CVE-2025-15649: header parsing in IO::Uncompress::Unzip.
         (Closes: #1138863)
     + CVE-2026-7010:  CRLF-validation in HTTP::Tiny.
         (Closes: #1138858)
     + CVE-2026-8376:  Buffer overflow in Perl_study_chunk.
         (Closes: #1137345)
     + CVE-2026-48959: CPU exhaustion in IO::Uncompress::Unzip.
         (Closes: #1138856)
     + CVE-2026-48961: crash in zipdetails.
         (Closes: #1138855)
     + CVE-2026-48962: code execution in IO-Compress via output globs.
         (Closes: #1138854)
     + buffer overflows in pack().
         (Closes: #1138905)
     + buffer overflow in Storable.
         (Closes: #1138906)
Checksums-Sha1:
 fac7a2aa4e40bb502f1d0ce479f05bb76f4e7fe1 2372 perl_5.42.2-2.dsc
 9060d73f124395f973a8cfe3d6e412fbb93217ce 175608 perl_5.42.2-2.debian.tar.xz
 9cea33e3faf2aceb567e9db40aa4fff67e9264ad 5338 perl_5.42.2-2_source.buildinfo
Checksums-Sha256:
 e33c40124c7932ccebc7343c768e74347545dabf04b48a7b94a3b8d1a829a15c 2372 perl_5.42.2-2.dsc
 03dc1d547aa8271832042b2a66b8c71a72035c28ca736166fd27dc6d2aaa8afb 175608 perl_5.42.2-2.debian.tar.xz
 1b9c3872189b57ee52820e2d497dd8e99fdfb243e03a872f0013322a801380b2 5338 perl_5.42.2-2_source.buildinfo
Files:
 13b7988bfedecc286305774e1817e7d0 2372 perl standard perl_5.42.2-2.dsc
 0a7ad2361cdc8b893dbcad3628bcd09f 175608 perl standard perl_5.42.2-2.debian.tar.xz
 8ed1e5c781a84858dfb01c5d963d86a3 5338 perl standard perl_5.42.2-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iKcEARMJAC8WIQTuZv2Xfg2x/uVxefeK/rNkDrE5sgUCaiRCvBEcbnR5bmlAZGVi
aWFuLm9yZwAKCRCK/rNkDrE5soOOAXoDqPuy2hIDNgbVMnotKgfi7tU1TjmeDkEC
OfUCv1UOU/zgnn4mqFkVY0EtjSc74iUBf3LHLX7Tab7loNX6UtKcvkCmoY1uXvWf
a7YWnv6aOXsw9oPetRDgHQcOE9AHI6Mz8w==
=YN5x
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/perl-maintainers/attachments/20260606/302277b0/attachment.sig>

More information about the Perl-maintainers mailing list