libbson-xs-perl updates for bookworm and bullseye
Roberto C. Sánchez
roberto at debian.org
Sat May 3 21:28:43 BST 2025
Hello Perl friends,
I have prepared a libbson-xs-perl update for bookworm (0.8.4-2+deb12u1)
and will also be preparing an update for bullseye (0.8.4-1+deb11u1).
As the package has been removed from unstable and testing, I wanted to
make sure about where to record the changes. Is it OK if I push my
changes on the branches debian/bookworm and debian/bullseye at
perl-team/modules/packages/libbson-xs-perl.git? I will also push signed
tags when appropriate (after receiving the OK from SRM for the bookworm
update, and after uploading for the bullseye/LTS update).
The specific changes I have made are to backport patches for the
following CVEs:
CVE-2017-14227
CVE-2018-16790
CVE-2023-0437
CVE-2024-6381
CVE-2024-6383
CVE-2025-0755
All of these vulnerabilities affect the embedded copy of libbson which
is present in libbson-xs-perl.
If you prefer not to have these branches and tags in your team's repo,
then I will fork it under lts-team/packages/libbson-xs-perl and record
the changes there.
Regards,
-Roberto
--
Roberto C. Sánchez
More information about the pkg-perl-maintainers
mailing list