Package: libencode-perl Version: 2.84-2 Severity: important Tags: security fixed-upstream jessie wheezy Forwarded: https://github.com/dankogai/p5-encode/pull/58 X-Debbugs-Cc: car...@debian.org, d...@earth.li Control: found -1 2.63-1+deb8u1 Control: found -1 2.44-1+deb7u1
It looks like this package was not updated for CVE-2016-1238 while the version bundled with Perl core was, for all of testing/unstable, stable, and oldstable. So installing the separate package will now override the fixes in the core version. Upstream included the fixes in 2.85 so updating to that should be enough for testing/unstable. (Not sure if this should be 'serious', feel free to bump as you see fit.) -- Niko Tyni nt...@debian.org