Package: perl Version: 5.22.2-3 The version of Encode bundled in the perl package has fixes for CVE-2016-1238 that were only added in the separate libencode-perl package in 2.86-1 (upstream version 2.86). See #835984.
The perl side therefore needs to Break libencode-perl (<< 2.86-1), or perhaps (<< 2.86~) though I'm not sure where that would matter, to make sure installing an earlier separately packaged version will not override the fixes in the core version. -- Niko Tyni nt...@debian.org