Bug#835984: libencode-perl: missing CVE-2016-1238 fixes
Niko Tyni
ntyni at debian.org
Mon Aug 29 19:33:32 UTC 2016
Package: libencode-perl
Version: 2.84-2
Severity: important
Tags: security fixed-upstream jessie wheezy
Forwarded: https://github.com/dankogai/p5-encode/pull/58
X-Debbugs-Cc: carnil at debian.org, dom at earth.li
Control: found -1 2.63-1+deb8u1
Control: found -1 2.44-1+deb7u1
It looks like this package was not updated for CVE-2016-1238 while the
version bundled with Perl core was, for all of testing/unstable, stable,
and oldstable. So installing the separate package will now override the
fixes in the core version.
Upstream included the fixes in 2.85 so updating to that should be enough
for testing/unstable.
(Not sure if this should be 'serious', feel free to bump as you see fit.)
--
Niko Tyni ntyni at debian.org
More information about the pkg-perl-maintainers
mailing list