Hi Niko, On Fri, Jun 05, 2026 at 09:46:14PM +0300, Niko Tyni wrote: > I'm postponing fixes for CVE-2026-42496, CVE-2026-42497, and CVE-2026-9538 > in Archive-Tar. > > These are rather intertwined, and backporting them onto older versions > is pretty much the same thing as upgrading the whole module. > > Also there's a regression fix in Archive-Tar 3.12 and I want to wait a bit > to see if others surface. > > Upstream plans to include the fixes in point releases for 5.42 and 5.40, > as discussed in https://github.com/Perl/perl5/issues/24445 . Let's see > what they do with this first.
Sounds good, thanks for the update on those! Regards, Salvatore
