#1140005 trixie-pu: package libnet-cidr-set-perl/0.15-1+deb13u1

#1140005#5
Date:
2026-06-14 14:52:22 UTC
From:
To:
[ Reason ]
This fixes CVE-2026-49940, CVE-2026-49942 and CVE-2026-49941.
These are minior issues with input sanitizing.

[ Impact ]
Depending on the usage of the library this may be a security issue.

[ Tests ]
salsa-ci passed execpt test-uscan (which isn't a problem for a
trixie-pu).  See
https://salsa.debian.org/perl-team/modules/packages/libnet-cidr-set-perl/-/pipelines/1108672
The two patches both ship their own test cases, which succeed.
(For this I had to add libtest-exception-perl to Build-Depends).

[ Risks ]
Hopefully none...

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable (0.21-1)

[ Changes ]
Fixes for CVE-2026-49940, CVE-2026-49942 and CVE-2026-49941.
Add libtest-exception-perl to Build-Depends to run the added
testsuite.
Switch RELEASE in salsa-ci to trixie.

[ Other info ]
Moritz Mühlenhoff from the security team suggested to fix this via
point release, no need for a DSA.

Greetings
Roland