upgrade xenial-perl to get important security fixes

Bug #1705145 reported by Karen Etheridge on 2017-07-19
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
perl (Ubuntu)
Medium
Unassigned

Bug Description

xenial packages perl at version 5.22.1, as described here -- https://packages.ubuntu.com/xenial/perl

Please could you upgrade the package to reflect 5.22.4, to include critical bug fixes that have been fixed in the meantime? This is a binary-compatible upgrade that does not require the recompilation of perl modules contained in other ubuntu packages.

Debian has already prepared a 5.22.4 build so you should be able to simply copy that over. The main security issue of concern is this one -- https://security-tracker.debian.org/tracker/CVE-2016-1238 -- which directly affects the package managers used by debian and ubuntu.

I am also in touch with the debian perl people, and the core perl team, so I can answer additional questions or facilitate communication with either group as needed.

thank you!

CVE References

information type: Private Security → Public Security
tags: added: xenial
Tyler Hicks (tyhicks) wrote :

Hello and thanks for the bug report. We've previously triaged this issue in the Ubuntu CVE Tracker:

  https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1238.html

Please watch that page for the latest information for this issue. Thanks again!

Changed in perl (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers