-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jun 2026 22:40:15 +0200
Source: libjavascript-minifier-xs-perl
Architecture: source
Version: 0.16-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: gregor herrmann <gregoa@debian.org>
Changes:
libjavascript-minifier-xs-perl (0.16-1) unstable; urgency=medium
.
[ Debian Janitor ]
* Update standards version to 4.6.1, no changes needed.
.
[ gregor herrmann ]
* Import upstream version 0.16.
- Fixes CVE-2026-56017, which caused Perl to SEGFAULT when calling
minify(). Thanks to CPANSec for raising the issue, and providing a
prototype fix.
- Fixes CVE-2026-56018, caused by a memory leak in minify() where each
tokenized Node's "contents" buffer were not properly freed, resulting in
a memory leak on every call.
* Update years of upstream and packaging copyright.
* Declare compliance with Debian Policy 4.7.4.
* Remove «Rules-Requires-Root: no», which is the current default.
* Remove «Priority: optional», which is the current default.
Checksums-Sha1:
5fff742c96be33c01efdfdbcc3a5855c65ca6424 2544 libjavascript-minifier-xs-perl_0.16-1.dsc
b1dec74d3c9178577c6d257ed066fc8b585b27b4 27635 libjavascript-minifier-xs-perl_0.16.orig.tar.gz
d8505b8506029ee6767567fdd0af4b27802bc74d 3100 libjavascript-minifier-xs-perl_0.16-1.debian.tar.xz
Checksums-Sha256:
f22f146cdae96c1de1e6687b7acb0c7dec76c2e15b780fdc28bf561c827207c7 2544 libjavascript-minifier-xs-perl_0.16-1.dsc
75034e876939ebc3dd48ce2ebaf06044b06ed57ab3a1863f053f950e984d9954 27635 libjavascript-minifier-xs-perl_0.16.orig.tar.gz
85c93d65a56c6b8e05ec5e6508c4c54ac1e8045344ce8c6507ac82bbe789614e 3100 libjavascript-minifier-xs-perl_0.16-1.debian.tar.xz
Files:
0559203b40e2b7c88b95f739d2b9b244 2544 perl optional libjavascript-minifier-xs-perl_0.16-1.dsc
91fb711dfc5d70cb616b6fc8ca66ff9d 27635 perl optional libjavascript-minifier-xs-perl_0.16.orig.tar.gz
6d499a8b1514fb22641dfaa6a3135333 3100 perl optional libjavascript-minifier-xs-perl_0.16-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmpC2KNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgYSAw//dYg2cfI0uQhZa/zoCa7X1r9TwjKAIvTtWvXAUG6dO096FYZVGp+fe8ex
W3xhhGuDNWCb9SmnSjUJ/FGwYs8jux4g3LqWuqyaNksiVkUtCsAwxAQsXPGcCsTb
5t7uY05ZIcCNuI82y5lfGqd/4Tz1lL7/B208YiaCCCfL/diCU+ayR4i9BF1+MHYa
Wq4Mv68iPGqerJ5CFj3hYxYdL2GTExUyLH1hleWfQmnoYxKoJyPKsHlHb6siOrHe
Vv59CkzkBRn1OEeSt4ggXho+wiRggt5e6XQNCbihYdiVP172Icfq6gy0/mIsHwbs
84T7eQQR+0PpOxfRxCStMO0HXPcMequCtzKa6RQ92GqpzjnXeZ2mI9OkecKxVZNB
oxQEcQEe0up/nkAYRUs+P/qRFNPk1vogAO9P4n3aFgYaOZ+4EfxaBirtYxTUH6sX
rgqYk7ukNrYnW+0LJ+8o5GcsYe0uKzhk3sZRVwxhV6womrXeJ5SVlK5YvKiFS/lT
BBbI0G8d/47i48mGTJeGRirTakms4FYIsxyYfHD7Wyymuh6+DtcwPvTt60iL9vBP
n7rYeLGvVDrQUT9Y8MYKezglG3XbMTqxB5OrGCH2Sl1d4fTgbWvv0TeBrSftNpUj
0Xw76c7VkcyHDGemPag4OPD9Ci6YRtJSGFaUxeiDmISFFj8tugo=
=CyL8
-----END PGP SIGNATURE-----