libbson-xs-perl updates for bookworm and bullseye

Roberto C. Sánchez roberto at debian.org
Sat May 3 21:28:43 BST 2025


Hello Perl friends,

I have prepared a libbson-xs-perl update for bookworm (0.8.4-2+deb12u1)
and will also be preparing an update for bullseye (0.8.4-1+deb11u1).

As the package has been removed from unstable and testing, I wanted to
make sure about where to record the changes. Is it OK if I push my
changes on the branches debian/bookworm and debian/bullseye at
perl-team/modules/packages/libbson-xs-perl.git? I will also push signed
tags when appropriate (after receiving the OK from SRM for the bookworm
update, and after uploading for the bullseye/LTS update).

The specific changes I have made are to backport patches for the
following CVEs:

CVE-2017-14227
CVE-2018-16790
CVE-2023-0437
CVE-2024-6381
CVE-2024-6383
CVE-2025-0755

All of these vulnerabilities affect the embedded copy of libbson which
is present in libbson-xs-perl.

If you prefer not to have these branches and tags in your team's repo,
then I will fork it under lts-team/packages/libbson-xs-perl and record
the changes there.

Regards,

-Roberto

-- 
Roberto C. Sánchez



More information about the pkg-perl-maintainers mailing list