Fix for 1.2.5 is based on upstream's suggestion about how to prevent the issue in a minimally invasive way. Upstream includes in 1.2.9 a test for this vulnerability in t/11. If vulnerable, the test will cause a segfault. NCommander verified for me that with these changes (he just tested Hardy, but it should be the same for all) it passes the test and fails without the update.