Date: Fri, 15 Mar 2013 17:30:20 +0400 From: freebsd@tern.ru To: freebsd-security@freebsd.org Subject: old perl vulnerabilitiy Message-ID: <1472823038.20130315173020@tern.ru>
index | next in thread | raw e-mail
Hello Freebsd-security, I've got portaudit alarm on perl-5.8.9_7 with regard to perl -- denial of service via algorithmic complexity attack on hashing routines. Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html But on the other server I have perl-threaded-5.8.9_7 and portaudit thinks that it is OK (no problem) Is it correct? It seems to me that threaded perl also should have the same problem. Please advise. PS. I know that it is old and "unsupported" but I don't want to upgrade without serious reason. And, any way, the "behavior" of portaudit seems to me not correct. With best regards, Alexandre Krasnov.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1472823038.20130315173020>