Ubuntu
perl package

upgrade xenial-perl to get important security fixes

Bug #1705145 reported by Karen Etheridge on 2017-07-19

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	perl (Ubuntu)	Triaged	Medium	Unassigned

Bug Description

xenial packages perl at version 5.22.1, as described here -- https://packages.ubuntu.com/xenial/perl

Please could you upgrade the package to reflect 5.22.4, to include critical bug fixes that have been fixed in the meantime? This is a binary-compatible upgrade that does not require the recompilation of perl modules contained in other ubuntu packages.

Debian has already prepared a 5.22.4 build so you should be able to simply copy that over. The main security issue of concern is this one -- https://security-tracker.debian.org/tracker/CVE-2016-1238 -- which directly affects the package managers used by debian and ubuntu.

I am also in touch with the debian perl people, and the core perl team, so I can answer additional questions or facilitate communication with either group as needed.

thank you!

Tags:

CVE References

2016-1238

Karen Etheridge (ubuntu-hd) on 2017-07-19

information type:

Private Security → Public Security

Hans Joachim Desserud (hjd) on 2017-07-21

tags:

added: xenial

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2017-07-27:

Hello and thanks for the bug report. We've previously triaged this issue in the Ubuntu CVE Tracker:

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1238.html

Please watch that page for the latest information for this issue. Thanks again!

Changed in perl (Ubuntu):
importance:	Undecided → Medium
status:	New → Triaged

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuperl package