Change History (8)
comment:1 by , 13 months ago
comment:2 by , 13 months ago
Priority: | normal → high |
---|
Contains one security fix that is relevant to us:
CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property This vulnerability was reported directly to the Perl security team by Nathan Mills the.true.nathan.mills@gmail.com. A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.
The rest of the release notes can be found at https://metacpan.org/release/PEVANS/perl-5.38.1/changes, but note that the security fix seems to be the only relevant change for us. The other security fix in there is Windows specific.
comment:3 by , 13 months ago
5.38.2 out imminently. Upstream says 5.38.1 is broken and withdrawn.
https://metacpan.org/release/PEVANS/perl-5.38.2/changes
comment:4 by , 13 months ago
Good to know. Our end of month update is due to be done tomorrow, but if needed we can way a few days.
Note:
See TracTickets
for help on using tickets.
There is a test failure: https://github.com/Perl/perl5/issues/21671
We can just document this failure, or if we want a clean test result we can use a sed to fix META.json.