Bug 1658194

Summary: Rebase to latest 5.26 security fix release
Product: Red Hat Software Collections
Component: perl
Version: rh-perl526
Reporter: Jitka Plesnikova <jplesnik>
Assignee: perl-maint-list
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
CC: jorton, ppisar, tborcin
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Keywords: Rebase, ZStream
Target Release: 3.6
Hardware: Unspecified
OS: Unspecified
Fixed In Version: rh-perl526-perl-5.26.3-405.el7
Doc Type: No Doc Update
: 1658969
Last Closed: 2020-05-05 12:01:45 UTC
Type: Bug
Bug Blocks: 1658969

Description Jitka Plesnikova 2018-12-11 13:35:25 UTC
RHSCL 3.2 delivers Perl 5.26.1.

The release 5.26.2 contains fixes for:
CVE-2018-6797 heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
CVE-2018-6798 Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
CVE-2018-6913 heap-buffer-overflow in S_pack_rec
Assertion failure in Perl__core_swash_init (utf8.c)

https://metacpan.org/pod/release/SHAY/perl-5.26.2/pod/perldelta.pod

The latest release is 5.26.3.
It contains fixes for:

CVE-2018-18311 perl: Integer overflow leading to buffer overflow (BZ#1653528)
- deadline for the CVE is 2018-12-29

CVE-2018-18312 perl: Heap-buffer-overflow write / reg_node overrun (BZ#1653523)
CVE-2018-18313 perl: Heap-buffer-overflow read in regcomp.c (BZ#1653525)
CVE-2018-18314 perl: Heap-based buffer overflow (BZ#1653520)

https://metacpan.org/pod/release/SHAY/perl-5.26.3/pod/perldelta.pod

It would be great to rebase the perl package to deliver the latest fixed stable
release.