I'm trying to patch our Perl package against CVE-2016-1238 and CVE-2016-6185:

This patch uses a graft to apply new patches which are composed of commits from the 'maint-5.22' branch of .

Unfortunately, some of the changes related to CVE-2016-1238 don't apply to our Perl source code. There are several '.rej' files that look like this:

--- dist/PathTools/lib/File/Spec.pm +++ dist/PathTools/lib/File/Spec.pm @@ -3,7 +3,7 @@ package File::Spec; use strict; use vars qw(@ISA $VERSION); -$VERSION = '3.56_01'; +$VERSION = '3.56_02'; $VERSION =~ tr/_//; my %module = (MacOS => 'Mac',

Any advice?

By the way, I found that we never removed (replacement #f) from perl-boot0 after removing the previous Perl graft.

Leo Famulari (1):
  gnu: perl: Fix CVE-2016-{1238,6185}.

 gnu/local.mk                                  |    2 +
 gnu/packages/patches/perl-CVE-2016-1238.patch | 3673 +++++++++++++++++++++++++
 gnu/packages/patches/perl-CVE-2016-6185.patch |  208 ++
 gnu/packages/perl.scm                         |   24 +
 4 files changed, 3907 insertions(+)
 create mode 100644 gnu/packages/patches/perl-CVE-2016-1238.patch
 create mode 100644 gnu/packages/patches/perl-CVE-2016-6185.patch
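
Review bot: the rejected hunk for dist/PathTools/lib/File/Spec.pm changes only the $VERSION line ('3.56_01' to '3.56_02'), so a reject there means the packaged source does not match that hunk's removed line or its surrounding context at that position. Check the $VERSION string in the unpacked source against '3.56_01'. If the other '.rej' files are version bumps of the same kind, those hunks carry no functional change and can be removed from perl-CVE-2016-1238.patch; any reject that touches other lines needs to be rebased by hand against the packaged source.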