Version in base suite: 5.36.0-7+deb12u1 Base version: perl_5.36.0-7+deb12u1 Target version: perl_5.36.0-7+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/perl/perl_5.36.0-7+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/perl/perl_5.36.0-7+deb12u2.dsc changelog | 6 ++++++ patches/fixes/CVE-2024-56406.diff | 31 +++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 38 insertions(+)
diff -Nru perl-5.36.0/debian/changelog perl-5.36.0/debian/changelog
--- perl-5.36.0/debian/changelog 2023-11-25 20:59:54.000000000 +0000
+++ perl-5.36.0/debian/changelog 2025-04-12 15:16:31.000000000 +0000
@@ -1,3 +1,9 @@
+perl (5.36.0-7+deb12u2) bookworm-security; urgency=medium
+
+ * [SECURITY] CVE-2024-56406: Fix heap-buffer-overflow with tr//
+
+ -- Niko Tyni Sat, 12 Apr 2025 18:16:31 +0300
+
 perl (5.36.0-7+deb12u1) bookworm; urgency=medium
 
 * [SECURITY] CVE-2023-47038: Write past buffer end via illegal
diff -Nru perl-5.36.0/debian/patches/fixes/CVE-2024-56406.diff perl-5.36.0/debian/patches/fixes/CVE-2024-56406.diff
--- perl-5.36.0/debian/patches/fixes/CVE-2024-56406.diff 1970-01-01 00:00:00.000000000 +0000
+++ perl-5.36.0/debian/patches/fixes/CVE-2024-56406.diff 2025-04-12 15:16:09.000000000 +0000
@@ -0,0 +1,31 @@
+From: Karl Williamson
+Date: Wed, 18 Dec 2024 18:25:29 -0700
+Subject: CVE-2024-56406: Heap-buffer-overflow with tr//
+
+This was due to underallocating needed space. If the translation forces
+something to become UTF-8 that is initially bytes, that UTF-8 could
+now require two bytes where previously a single one would do.
+
+(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+
+commit 4ff211d2bd05db0ba9e18faf1ff8bd3dab128c5a
+Author: Karl Williamson
+AuthorDate: 2024-12-18 18:25:29 -0700
+Commit: Steve Hay
+CommitDate: 2025-03-30 11:58:35 +0100
+---
+ op.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/op.c b/op.c
+index 7fa0cc6..5213932 100644
+--- a/op.c
++++ b/op.c
+@@ -7605,6 +7605,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+ * same time. But otherwise one crosses before the other */
+ if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+ can_force_utf8 = TRUE;
++ max_expansion = MAX(2, max_expansion);
+ }
+ }
+
diff -Nru perl-5.36.0/debian/patches/series perl-5.36.0/debian/patches/series
--- perl-5.36.0/debian/patches/series 2023-11-25 20:59:54.000000000 +0000
+++ perl-5.36.0/debian/patches/series 2025-04-12 15:16:09.000000000 +0000
@@ -51,3 +51,4 @@
 fixes/readline-stream-errors-test.diff
 fixes/lto-test-fix.diff
 fixes/CVE-2023-47038.diff
+fixes/CVE-2024-56406.diff
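Review bot: The added `max_expansion = MAX(2, max_expansion);` in the inner op.c hunk carries no comment, so the reason for the constant 2 lives only in the patch header; a one-line comment such as `/* a code point below 256 takes 2 bytes once forced to UTF-8, so reserve at least that */` would keep the bound explainable when the surrounding code is next touched. The inner diffstat lists op.c as the only file changed, so this upload ships the allocation fix without a regression test for the forced-UTF-8 tr// case; if upstream carries one, it would be worth cherry-picking alongside. The enclosing function S_pmtrans begins and ends outside the hunk, and the place where max_expansion sizes the allocation is not visible here, so whether 2 suffices for every forced-UTF-8 path can only be confirmed against the full function.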