Hacker News
by rurban 3593 days ago
The published SEGVs are not security relevant. They only happen in DEBUGGING output, which is not compiled into production perls. Unless you use an old Red Hat system, where they shipped a 10x slower debugging perl.

I fixed the publicly reported bugs in 2 minutes. I cannot fix the other bugs since they were not reported to cperl (the perl5 fork which is doing the actual development of perl5). The perl5 security team is doing horrible work, so I would prefer to get the reports also, for independent and usually better fixes.

Brian Carpenter and Dan Collins provided excellent afl work lately for perl5.

1 comment

While your assertion about your fork being "the actual development" is unfortunate, I would encourage anybody submitting security issues to the actual perl5 to also consider sending them to cperl and MLEHMANN's stableperl, since the users of minority forks deserve security too.
No worries, found all of them in public tickets already.

Two of them were actually security relevant: one stack overflow, one heap overflow. All 6 issues are already fixed in git.

Regarding your comment about "deserve security": yes. perl5 would deserve a bit of security, but all they do is theatre. Dozens of known security fixes are ignored.