Bug#1138273: libcpanel-json-xs-perl: CVE-2026-9334 CVE-2026-9516
Salvatore Bonaccorso
carnil at debian.org
Sat May 30 10:40:38 BST 2026
Source: libcpanel-json-xs-perl
Version: 4.40-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for libcpanel-json-xs-perl.
CVE-2026-9334[0]:
| dupkeys_as_arrayref type confusion
CVE-2026-9516[1]:
| BOM-shift PV-corruption SIGABRT
Gregor, both are fixed in the new upstream version 4.41.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-9334
https://www.cve.org/CVERecord?id=CVE-2026-9334
https://github.com/rurban/Cpanel-JSON-XS/commit/11a7c550a0d8fac2f84414f24d5df9b2bfe346e2
[1] https://security-tracker.debian.org/tracker/CVE-2026-9516
https://www.cve.org/CVERecord?id=CVE-2026-9516
https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-perl-maintainers
mailing list