Bug#1135859: trixie-pu: package libtext-csv-xs-perl/1.60-1+deb13u1

gregor herrmann gregoa at debian.org
Wed May 6 18:30:05 BST 2026


Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: libtext-csv-xs-perl at packages.debian.org
Control: affects -1 + src:libtext-csv-xs-perl
User: release.debian.org at packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

In coordination with the security team, I've uploaded 
libtext-csv-xs-perl/1.60-1+deb13u1 to trixie in order to fix 
https://security-tracker.debian.org/tracker/CVE-2026-7111
aka #1135232

| Text::CSV_XS versions before 1.62 for Perl have a use-after-free when 
| registered callbacks extend the Perl argument stack, which may enable 
| type confusion or memory corruption. …

The fix is 1 quilt patch, taken from the respective upstream commit 
(also included in the 1.62 upstream release, aka tested in the wild), 
which is also already in unstable.

Find attached the complete debdiff against the version in trixie.


Thanks in advance,
gregor

-----BEGIN PGP SIGNATURE-----
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=npYS
-----END PGP SIGNATURE-----
-------------- next part --------------
diff -Nru libtext-csv-xs-perl-1.60/debian/changelog libtext-csv-xs-perl-1.60/debian/changelog
--- libtext-csv-xs-perl-1.60/debian/changelog	2025-02-02 02:20:05.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/changelog	2026-05-06 17:02:23.000000000 +0200
@@ -1,3 +1,11 @@
+libtext-csv-xs-perl (1.60-1+deb13u1) trixie; urgency=medium
+
+  * Fix possible stack corruption: CVE-2026-7111.
+    Patch taken from upstream Git commit, as released in 1.62.
+    (Closes: #1135232)
+
+ -- gregor herrmann <gregoa at debian.org>  Wed, 06 May 2026 17:02:23 +0200
+
 libtext-csv-xs-perl (1.60-1) unstable; urgency=medium
 
   * Import upstream version 1.60.
diff -Nru libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch
--- libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch	1970-01-01 01:00:00.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/patches/0001-Fix-possible-stack-corruption.patch	2026-05-06 17:02:23.000000000 +0200
@@ -0,0 +1,114 @@
+From c17f31a5f2bf36674748eb4b6e25672f0571a224 Mon Sep 17 00:00:00 2001
+From: "H.Merijn Brand - Tux" <linux at tux.freedom.nl>
+Date: Sat, 25 Apr 2026 16:18:57 +0200
+Subject: [PATCH] Fix possible stack corruption (thanks leont) (issue 65)
+
+SPAGAIN required if callbacks can extend the stack
+
+
+Bug: https://github.com/cpan-authors/Text-CSV_XS/issues/65
+Bug-Debian: https://bugs.debian.org/1135232
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-7111
+
+
+---
+ CSV_XS.xs           | 36 ++++++++++++++++++------------------
+ ChangeLog           |  1 +
+ cpanfile            |  2 +-
+ sandbox/issue-65.pl | 41 ++++++++++++++++++++++++++++++++++++++---
+ 4 files changed, 58 insertions(+), 22 deletions(-)
+
+diff --git a/CSV_XS.xs b/CSV_XS.xs
+index f89859e..c348f83 100644
+--- a/CSV_XS.xs
++++ b/CSV_XS.xs
+@@ -122,6 +122,12 @@ static unsigned char ec, ebcdic2ascii[256] = {
+ 	croak ("self is not a hash ref");		\
+     hv = (HV *)SvRV (self)
+ 
++#define undef &PL_sv_undef
++#define PUT_RETURN(x)	\
++    SPAGAIN;		\
++    ST (0) = x;		\
++    XSRETURN (1)
++
+ /* Keep in sync with .pm! */
+ #define CACHE_ID_quote_char		0
+ #define CACHE_ID_escape_char		1
+@@ -2603,7 +2609,7 @@ BOOT:
+     Perl_load_module (aTHX_ PERL_LOADMOD_NOIMPORT, newSVpvs ("IO::Handle"), NULL, NULL, NULL);
+ 
+ void
+-SetDiag (SV *self, int xse, ...)
++SetDiag (SV *self, int xse, SV *line = undef)
+ 
+   PPCODE:
+     HV		*hv;
+@@ -2619,8 +2625,8 @@ SetDiag (SV *self, int xse, ...)
+ 	ST (0) = sv_2mortal (SvDiag (xse));
+ 	}
+ 
+-    if (xse && items > 2 && SvPOK (ST (2))) {
+-	sv_setpvn (ST (0),  SvPVX (ST (2)), SvCUR (ST (2)));
++    if (xse && SvPOK (line)) {
++	sv_setpvn (ST (0),  SvPVX (line), SvCUR (line));
+ 	SvIOK_on  (ST (0));
+ 	}
+ 
+@@ -2670,8 +2676,8 @@ Parse (SV *self, SV *src, SV *fields, SV *fflags)
+     av  = (AV *)SvRV (fields);
+     avf = (AV *)SvRV (fflags);
+ 
+-    ST (0) = xsParse (self, hv, av, avf, src, 0) ? &PL_sv_yes : &PL_sv_no;
+-    XSRETURN (1);
++    int x = xsParse (self, hv, av, avf, src, 0);
++    PUT_RETURN (x ? &PL_sv_yes : &PL_sv_no);
+     /* XS Parse */
+ 
+ void
+@@ -2691,8 +2697,8 @@ print (SV *self, SV *io, SV *fields)
+ 	av = (AV *)SvRV (fields);
+ 	}
+ 
+-    ST (0) = xsCombine (self, hv, av, io, 1) ? &PL_sv_yes : &PL_sv_no;
+-    XSRETURN (1);
++    int x = xsCombine (self, hv, av, io, 1);
++    PUT_RETURN (x ? &PL_sv_yes : &PL_sv_no);
+     /* XS print */
+ 
+ void
+@@ -2706,26 +2712,20 @@ getline (SV *self, SV *io)
+     CSV_XS_SELF;
+     av  = newAV ();
+     avf = newAV ();
+-    ST (0) = xsParse (self, hv, av, avf, io, 1)
+-	? sv_2mortal (newRV_noinc ((SV *)av))
+-	: &PL_sv_undef;
+-    XSRETURN (1);
++    int x = xsParse (self, hv, av, avf, io, 1);
++    PUT_RETURN (x ? sv_2mortal (newRV_noinc ((SV *)av)) : undef);
+     /* XS getline */
+ 
+ void
+-getline_all (SV *self, SV *io, ...)
++getline_all (SV *self, SV *io, SV *offset = undef, SV *length = undef)
+ 
+   PPCODE:
+     HV	*hv;
+-    SV  *offset, *length;
+ 
+     CSV_XS_SELF;
+ 
+-    offset = items > 2 ? ST (2) : &PL_sv_undef;
+-    length = items > 3 ? ST (3) : &PL_sv_undef;
+-
+-    ST (0) = xsParse_all (self, hv, io, offset, length);
+-    XSRETURN (1);
++    SV *x  = xsParse_all (self, hv, io, offset, length);
++    PUT_RETURN (x);
+     /* XS getline_all */
+ 
+ void
+-- 
+2.53.0
+
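Review bot: `PUT_RETURN` in the CSV_XS.xs macro hunk expands to three bare statements and puts its argument on the right-hand side of `ST (0) = x`, so it is only safe while every caller passes an already-computed value at statement level. The four uses visible here do that (the getline argument only calls `sv_2mortal`/`newRV_noinc`), but a later `PUT_RETURN (xsParse (...))`, or a use under an unbraced `if`, would presumably bring back the evaluation-order hazard this patch removes. Consider `#define PUT_RETURN(x) STMT_START { SV *ret_ = (x); SPAGAIN; ST (0) = ret_; XSRETURN (1); } STMT_END`, with a comment saying the value must be computed before the stack slot is addressed. Separately, the diffstat still lists sandbox/issue-65.pl, ChangeLog and cpanfile, none of which appear in this quilt patch as shown, so the stable package seems to carry no regression test for the fix. The XS function bodies are only partly visible in the nested hunks, so the rest of SetDiag and its remaining `ST (0)` assignments could not be checked from here.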
diff -Nru libtext-csv-xs-perl-1.60/debian/patches/series libtext-csv-xs-perl-1.60/debian/patches/series
--- libtext-csv-xs-perl-1.60/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libtext-csv-xs-perl-1.60/debian/patches/series	2026-05-06 17:02:23.000000000 +0200
@@ -0,0 +1 @@
+0001-Fix-possible-stack-corruption.patch

