Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#5383 closed enhancement (fixed)

perl-5.38.2

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: high
Milestone: 12.1
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (8)

comment:1 by Xi Ruoyao, 5 months ago

There is a test failure: https://github.com/Perl/perl5/issues/21671

We can just document this failure, or if we want a clean test result we can use a sed to fix META.json.

comment:2 by Douglas R. Reno, 5 months ago

Priority: normal → high

Contains one security fix that is relevant to us:

CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by Nathan Mills 
the.true.nathan.mills@gmail.com.

A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a 
one-byte attacker controlled buffer overflow in a heap allocated buffer.

The rest of the release notes can be found at https://metacpan.org/release/PEVANS/perl-5.38.1/changes, but note that the security fix seems to be the only relevant change for us. The other security fix in there is Windows specific.

comment:3 by Marty Jack, 5 months ago

5.38.2 out imminently. Upstream says 5.38.1 is broken and withdrawn.

https://metacpan.org/release/PEVANS/perl-5.38.2/changes

comment:4 by Bruce Dubbs, 5 months ago

Good to know. Our end of month update is due to be done tomorrow, but if needed we can wait a few days.

comment:5 by Bruce Dubbs, 5 months ago

Summary: perl-5.38.1 → perl-5.38.2

Version 5.38.2 has been released.

comment:6 by Marty Jack, 5 months ago

I observe all tests successful in 5.38.2.

comment:7 by Bruce Dubbs, 5 months ago

Resolution: fixed
Status: new → closed

Fixed at commit 15f7b58b

comment:8 by Douglas R. Reno, 5 months ago

SA-12.0-049 issued
