Bump Perl versions to fix various CVE's in perl 5.3[468] - Githubissues

Perl / docker-perl

Dockerfiles for index.docker.io (official Perl Docker image)

https://registry.hub.docker.com/_/perl/

Artistic License 2.0

117 stars 51 forks source link

Bump Perl versions to fix various CVE's in perl 5.3[468] #149

Closed waterkip closed 7 months ago

waterkip commented 7 months ago

See: 5.34.2: https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267352.html

5.36.2:https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267353.html

5.38.1: https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267354.html

zakame commented 7 months ago

Not quite yet, waiting for https://github.com/Perl/perl5/issues/21671

waterkip commented 7 months ago

It seems we go to: 5.34.3, 5.36.3 and 5.38.2.

See https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267372.html

waterkip commented 7 months ago

We have the updated SHA's and version numbers from https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267400.html but we cannot download them yet from cpan.org:

Downloading https://www.cpan.org/src/5.0/perl-5.34.3.tar.xz
tar: downloads/perl-5.34.3.tar.xz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
Couldn't create a temp git repo for 5.34.3 at ./generate.pl line 140.

zakame commented 7 months ago

Thanks for the updates @waterkip! We can drop the eol renames - only the oldest previous release is moved there (e.g. 5.32.1,) and this directory is really used only for forced rebuilds like in #101