Date: Fri, 15 Mar 2013 17:30:20 +0400 From: freebsd@tern.ru To: freebsd-security@freebsd.org Subject: old perl vulnerabilitiy Message-ID: <1472823038.20130315173020@tern.ru>
next in thread | raw e-mail | index | archive | help
Hello Freebsd-security, I've got portaudit alarm on perl-5.8.9_7 with regard to perl -- denial of service via algorithmic complexity attack on hashing routines. Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html But on the other server I have perl-threaded-5.8.9_7 and portaudit thinks that it is OK (no problem) Is it correct? It seems to me that threaded perl also should have the same problem. Please advise. PS. I know that it is old and "unsupported" but I don't want to upgrade without serious reason. And, any way, the "behavior" of portaudit seems to me not correct. With best regards, Alexandre Krasnov.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1472823038.20130315173020>