This issue is being treated as a security issue by Debian; see http://www.openwall.com/lists/oss-security/2016/04/20/5 If p5p agrees that this is a correct assessment (it seems so to me) then it should be queued for 5.20.4, I presume? The Debian bug reporter has rebased the patch for 5.20, but I haven't reviewed that: https://bugs.debian.org/821848 --- via perlbug: queue: perl5 status: pending release https://rt.perl.org/Ticket/Display.html?id=123562Thread Previous