[ Reason ]
This fixes CVE-2026-49940, CVE-2026-49942 and CVE-2026-49941.
These are minior issues with input sanitizing.
[ Impact ]
Depending on the usage of the library this may be a security issue.
[ Tests ]
salsa-ci passed execpt test-uscan (which isn't a problem for a
trixie-pu). See
https://salsa.debian.org/perl-team/modules/packages/libnet-cidr-set-perl/-/pipelines/1108672
The two patches both ship their own test cases, which succeed.
(For this I had to add libtest-exception-perl to Build-Depends).
[ Risks ]
Hopefully none...
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable (0.21-1)
[ Changes ]
Fixes for CVE-2026-49940, CVE-2026-49942 and CVE-2026-49941.
Add libtest-exception-perl to Build-Depends to run the added
testsuite.
Switch RELEASE in salsa-ci to trixie.
[ Other info ]
Moritz Mühlenhoff from the security team suggested to fix this via
point release, no need for a DSA.
Greetings
Roland