Information on source package perl

Available versions

ReleaseVersion
jessie5.20.2-3+deb8u14
stretch5.24.1-3+deb9u8
stretch (security)5.24.1-3+deb9u5
buster5.28.1-6+deb10u2
bullseye5.32.1-4+deb11u3
bullseye (security)5.32.1-4+deb11u4
bookworm5.36.0-7+deb12u1
trixie5.40.0-7
sid5.40.0-7

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-31484fixedfixedfixedfixedvulnerable (no DSA)fixedfixedCPAN.pm before 2.35 does not verify TLS certificates when downloading ...
CVE-2018-6797vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedAn issue was discovered in Perl 5.18 through 5.26. A crafted regular e ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
TEMP-0769606-4AA6CFvulnerablefixedfixedfixedfixedfixedfixeda2p: buffer overflow
CVE-2023-31486vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedHTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...
CVE-2011-4116vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerable_is_safe in the File::Temp module for Perl does not properly handle sy ...

Resolved issues

BugDescription
CVE-2023-47039A vulnerability was found in Perl. This security issue occurs while Pe ...
CVE-2023-47038A vulnerability was found in perl 5.30.0 through 5.38.0. This issue oc ...
CVE-2022-48522In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...
CVE-2021-36770Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...
CVE-2020-16156CPAN 2.28 allows Signature Verification Bypass.
CVE-2020-12723regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...
CVE-2020-10878Perl before 5.30.3 has an integer overflow related to mishandling of a ...
CVE-2020-10543Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...
CVE-2018-18314Perl before 5.26.3 has a buffer overflow via a crafted regular express ...
CVE-2018-18313Perl before 5.26.3 has a buffer over-read via a crafted regular expres ...
CVE-2018-18312Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via ...
CVE-2018-18311Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via ...
CVE-2018-12015In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...
CVE-2018-6913Heap-based buffer overflow in the pack function in Perl before 5.26.2 ...
CVE-2018-6798An issue was discovered in Perl 5.22 through 5.26. Matching a crafted ...
CVE-2017-12883Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...
CVE-2017-12837Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...
CVE-2017-12814Stack-based buffer overflow in the CPerlHost::Add method in win32/perl ...
CVE-2017-6512Race condition in the rmtree and remove_tree functions in the File-Pat ...
CVE-2016-6185The XSLoader::load method in XSLoader in Perl does not properly locate ...
CVE-2016-2381Perl might allow context-dependent attackers to bypass the taint prote ...
CVE-2016-1238(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...
CVE-2015-8853The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...
CVE-2015-8608The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow rem ...
CVE-2015-8607The canonpath function in the File::Spec module in PathTools before 3. ...
CVE-2014-4330The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...
CVE-2013-7422Integer underflow in regcomp.c in Perl before 5.20, as used in Apple O ...
CVE-2013-1667The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-depen ...
CVE-2013-1437Eval injection vulnerability in the Module-Metadata module before 1.00 ...
CVE-2012-6329The _compile function in Maketext.pm in the Locale::Maketext implement ...
CVE-2012-5526CGI.pm module before 3.63 for Perl does not properly escape newlines i ...
CVE-2012-5195Heap-based buffer overflow in the Perl_repeatcpy function in util.c in ...
CVE-2011-3597Eval injection vulnerability in the Digest module before 1.17 for Perl ...
CVE-2011-2939Off-by-one error in the decode_xs function in Unicode/Unicode.xs in th ...
CVE-2011-2728The bsd_glob function in the File::Glob module for Perl before 5.14.2 ...
CVE-2011-1487The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.1 ...
CVE-2011-0761Perl 5.10.x allows context-dependent attackers to cause a denial of se ...
CVE-2010-4777The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14 ...
CVE-2010-4411Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote att ...
CVE-2010-4410CRLF injection vulnerability in the header function in (1) CGI.pm befo ...
CVE-2010-2761The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...
CVE-2010-1447The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...
CVE-2010-1168The Safe (aka Safe.pm) module before 2.25 for Perl allows context-depe ...
CVE-2010-1158Integer overflow in the regular expression engine in Perl 5.8.x allows ...
CVE-2009-3626Perl 5.10.1 allows context-dependent attackers to cause a denial of se ...
CVE-2009-1391Off-by-one error in the inflate function in Zlib.xs in Compress::Raw:: ...
CVE-2008-5303Race condition in the rmtree function in File::Path 1.08 (lib/File/Pat ...
CVE-2008-5302Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib ...
CVE-2008-2827The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...
CVE-2008-1927Double free vulnerability in Perl 5.8.8 allows context-dependent attac ...
CVE-2007-5116Buffer overflow in the polymorphic opcode support in the Regular Expre ...
CVE-2007-4829Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...
CVE-2005-4278Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...
CVE-2005-4217Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...
CVE-2005-3962Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...
CVE-2005-0448Race condition in the rmtree function in File::Path.pm in Perl before ...
CVE-2005-0156Buffer overflow in the PerlIO implementation in Perl 5.8.0, when insta ...
CVE-2005-0155The PerlIO implementation in Perl 5.8.0, when installed with setuid su ...
CVE-2004-0976Multiple scripts in the perl package in Trustix Secure Linux 1.5 throu ...
CVE-2004-0452Race condition in the rmtree function in the File::Path module in Perl ...
CVE-2004-0377Buffer overflow in the win32_stat function for (1) ActiveState's Activ ...
CVE-2003-0900Perl 5.8.1 on Fedora Core does not properly initialize the random numb ...
CVE-2003-0618Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...
CVE-2003-0615Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm all ...
CVE-2002-1323Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may al ...
CVE-2002-0703An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...

Security announcements

DSA / DLADescription
ELA-1226-1perl - security update
DLA-3926-1perl - security update
ELA-238-1perl - security update
ELA-63-1perl - security update
DLA-1601-1perl - security update
DSA-4347-1perl - security update
ELA-7-1perl - security update
DSA-4226-1perl - security update
DLA-1345-1perl - security update
DSA-4172-1perl - security update
DSA-3982-1perl - security update
DSA-3873-1perl - security update
DLA-978-1perl - security update
DLA-565-1perl - security update
DSA-3628-1perl - security update
DSA-3501-1perl - security update
DSA-3441-1perl - security update
DSA-2641-1perl - rehashing flaw
DSA-2586-1perl - several
DSA-2267-1perl - restriction bypass
DSA-2265-1perl - missing taint check
DSA-1678-1perl - privilege escalation
DSA-1556-2perl - denial of service
DSA-1400-1perl - arbitrary code execution
DSA-943-1perl - integer overflow
DSA-696-1perl - design flaw
DSA-620-1perl - insecure temporary files / directories
DSA-431perl - information leak
DSA-371perl - cross-site scripting
DSA-208perl - broken safe compartment

Search for package or bug name: Reporting problems