Register | Log in

libtemplate-perl

"Template Toolkit" template processing system in Perl

Choose email to subscribe with

general

source: libtemplate-perl (main)
version: 3.102-3
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Benjamin Mako Hill [DMD] – Andreas Tille [DMD]
arch: any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.27-1
oldstable: 2.27-1
stable: 2.27-1
testing: 3.102-3
unstable: 3.102-3

versioned links

2.27-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.102-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libtemplate-perl (4 bugs: 0, 2, 2, 0)

action needed

A new upstream version is available: 3.106 high

A new upstream version 3.106 is available, you should consider packaging it.

Created: 2026-05-24 Last update: 2026-06-12 19:31

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-5090: (needs triaging) Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in <a id='ref' title='[% var | html %]'> would not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example, var = " ' onclick='while (true) { alert(1) }'" Note that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double-quotes would still be escaped.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-20 Last update: 2026-06-10 18:47

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-5090: (needs triaging) Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in <a id='ref' title='[% var | html %]'> would not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example, var = " ' onclick='while (true) { alert(1) }'" Note that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double-quotes would still be escaped.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-20 Last update: 2026-06-10 18:47

news

[2026-05-24] libtemplate-perl 3.102-3 MIGRATED to testing (Debian testing watch)
[2026-05-20] Accepted libtemplate-perl 3.102-3 (source) into unstable (gregor herrmann)
[2026-04-15] libtemplate-perl 3.102-2 MIGRATED to testing (Debian testing watch)
[2026-04-11] Accepted libtemplate-perl 3.102-2 (source) into unstable (gregor herrmann)
[2025-10-02] libtemplate-perl 3.102-1 MIGRATED to testing (Debian testing watch)
[2025-09-30] Accepted libtemplate-perl 3.102-1 (source) into unstable (Andreas Tille)
[2018-03-21] libtemplate-perl 2.27-1 MIGRATED to testing (Debian testing watch)
[2018-03-11] Accepted libtemplate-perl 2.27-1 (source amd64) into unstable (Benjamin Mako Hill)
[2014-07-03] libtemplate-perl 2.24-1.2 MIGRATED to testing (Debian testing watch)
[2014-06-27] Accepted libtemplate-perl 2.24-1.2 (source amd64 all) (gregor herrmann)
[2013-08-25] libtemplate-perl 2.24-1.1 MIGRATED to testing (Debian testing watch)
[2013-08-19] Accepted libtemplate-perl 2.24-1.1 (source amd64 all) (CSILLAG Tamas)
[2012-07-11] libtemplate-perl 2.24-1 MIGRATED to testing (Debian testing watch)
[2012-06-30] Accepted libtemplate-perl 2.24-1 (source all amd64) (Benjamin Mako Hill) (signed by: Benjamin Hill)
[2010-06-03] libtemplate-perl 2.22-0.1 MIGRATED to testing (Debian testing watch)
[2010-05-23] Accepted libtemplate-perl 2.22-0.1 (source all amd64) (Laurent Bigonville)
[2009-07-09] libtemplate-perl 2.20-1 MIGRATED to testing (Debian testing watch)
[2008-12-23] libtemplate-perl 2.19-1.1lenny1.1 MIGRATED to testing (Debian testing watch)
[2008-12-13] Accepted libtemplate-perl 2.19-1.1lenny1.1 (source all i386) (Dominic Hargreaves)
[2008-09-24] libtemplate-perl 2.19-1.1lenny1 MIGRATED to testing (Debian testing watch)
[2008-09-03] Accepted libtemplate-perl 2.19-1.1lenny1 (source all i386) (Dominic Hargreaves)
[2008-08-21] Accepted libtemplate-perl 2.20-1 (source all i386) (Benjamin Mako Hill) (signed by: Benjamin Hill)
[2008-07-30] Accepted libtemplate-perl 2.19-1.1 (source all i386) (Dominic Hargreaves)
[2007-06-01] libtemplate-perl 2.19-1 MIGRATED to testing (Debian testing watch)
[2007-05-14] Accepted libtemplate-perl 2.19-1 (source i386 all) (Benjamin Mako Hill) (signed by: Benjamin Hill)
[2007-04-20] libtemplate-perl 2.15-1 MIGRATED to testing (Debian testing watch)
[2007-04-10] Accepted libtemplate-perl 2.15-1 (source i386 all) (Benjamin Mako Hill) (signed by: Benjamin Hill)
[2007-01-17] Accepted libtemplate-perl 2.15-0.0 (source i386 all) (Dominic Hargreaves)
[2005-01-04] Accepted libtemplate-perl 2.14-1 (i386 source all) (Benjamin Hill (Mako)) (signed by: Benjamin Hill)
[2003-08-09] Accepted libtemplate-perl 2.10-1 (i386 source all) (Benjamin Hill (Mako)) (signed by: Benjamin Hill)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 2
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.102-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing