[Bug 1705145] [NEW] upgrade xenial-perl to get important security fixes

Karen Etheridge ubuntu at froods.org
Wed Jul 19 00:05:44 UTC 2017 

*** This bug is a security vulnerability ***

Public security bug reported:

xenial packages perl at version 5.22.1, as described here --
https://packages.ubuntu.com/xenial/perl

Please could you upgrade the package to reflect 5.22.4, to include
critical bug fixes that have been fixed in the meantime?  This is a
binary-compatible upgrade that does not require the recompilation of
perl modules contained in other ubuntu packages.

Debian has already prepared a 5.22.4 build so you should be able to
simply copy that over.  The main security issue of concern is this one
-- https://security-tracker.debian.org/tracker/CVE-2016-1238 -- which
directly affects the package managers used by debian and ubuntu.

I am also in touch with the debian perl people, and the core perl team,
so I can answer additional questions or facilitate communication with
either group as needed.

thank you!

** Affects: perl (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to perl in Ubuntu.
https://bugs.launchpad.net/bugs/1705145

Title:
  upgrade xenial-perl to get important security fixes

Status in perl package in Ubuntu:
  New

Bug description:
  xenial packages perl at version 5.22.1, as described here --
  https://packages.ubuntu.com/xenial/perl

  Please could you upgrade the package to reflect 5.22.4, to include
  critical bug fixes that have been fixed in the meantime?  This is a
  binary-compatible upgrade that does not require the recompilation of
  perl modules contained in other ubuntu packages.

  Debian has already prepared a 5.22.4 build so you should be able to
  simply copy that over.  The main security issue of concern is this one
  -- https://security-tracker.debian.org/tracker/CVE-2016-1238 -- which
  directly affects the package managers used by debian and ubuntu.

  I am also in touch with the debian perl people, and the core perl
  team, so I can answer additional questions or facilitate communication
  with either group as needed.

  thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1705145/+subscriptions

More information about the foundations-bugs mailing list