From owner-freebsd-perl@freebsd.org  Sun Aug 14 19:43:41 2016
Return-Path: <owner-freebsd-perl@freebsd.org>
Delivered-To: freebsd-perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B5D5BBA972
 for <freebsd-perl@mailman.ysv.freebsd.org>;
 Sun, 14 Aug 2016 19:43:41 +0000 (UTC)
 (envelope-from tweakerz@shaw.ca)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 51205100F
 for <freebsd-perl@freebsd.org>; Sun, 14 Aug 2016 19:43:41 +0000 (UTC)
 (envelope-from tweakerz@shaw.ca)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 4C730BBA971; Sun, 14 Aug 2016 19:43:41 +0000 (UTC)
Delivered-To: perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C163BBA970
 for <perl@mailman.ysv.freebsd.org>; Sun, 14 Aug 2016 19:43:41 +0000 (UTC)
 (envelope-from tweakerz@shaw.ca)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 23266100D
 for <perl@freebsd.org>; Sun, 14 Aug 2016 19:43:40 +0000 (UTC)
 (envelope-from tweakerz@shaw.ca)
Received: from MCS2 ([173.183.92.8]) by shaw.ca with SMTP
 id Z1JfbNo9eeXEcZ1JkbU8bd; Sun, 14 Aug 2016 13:43:33 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shaw.ca;
 s=s20150330; t=1471203813;
 bh=3zDlNNZ26z8ZNJXTy6rQk0/nRzsuNMPJtqlce6HdmGI=;
 h=From:To:Subject:Date;
 b=ptlqYQshCzG45eOJ9dbbfmuzUocKfBiyW4NDUB4yNfSQemLTnMz/ycX7LSS3Qg6TJ
 rd82fGNhVQBE37MKWVoA17SXJIn1OYJg8dtrZ7W719ffa0mJaPMVKHNr8QzakbCSQR
 0LjGQ3HIWgBLTZAKWmMOBtEUcaz3ICToJ5THmm2NILOAZDvTUH+SyHfH53/uNvNEf2
 t1NT0aSJKCkG4jPsAPW7gyULrM0b+Tt7BpQpdlqkBXyBmUhnXa2Be0qlciX/bhREBi
 1fs1yVjlh1FZ1kfg/aGcMjwzopA1aZx/yzsD1MBpzDF7OeJranTMzCUK1f4mBOFP5C
 WovIjuolA6kIQ==
X-Authority-Analysis: v=2.2 cv=T/3OdLCQ c=1 sm=1 tr=0
 a=BWgA9jSdZ5YFp+vbCET2hA==:117 a=BWgA9jSdZ5YFp+vbCET2hA==:17
 a=r77TgQKjGQsHNAKrUKIA:9 a=6I5d2MoRAAAA:8 a=9jeFyHrzbM6UwWQ3mbQA:9
 a=8UfgFQVKzQoA:10 a=C5z25RKvmfFN-9MJ:21 a=_W_S_7VecoQA:10
 a=IjZwj45LgO3ly-622nXo:22
Message-ID: <79E8A2ABDBA64869B3E252D130AFA7EB@MCS2>
From: "Ken J." <tweakerz@shaw.ca>
To: <perl@FreeBSD.org>
Subject: perl5-5.20.3_14 has known vulnerabilities
Date: Sun, 14 Aug 2016 12:43:26 -0700
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-CMAE-Envelope: MS4wfBER06ERkmOJ0PKkamytB4EYh+/Kg6U9q7MDvz391ificGNV/PA+8tSdKB7uqWWAR1xTB+Eh+lMvKzIGzSm7HE2ge/wpcTNkGdPNLSKrBa45yDC4SWZt
 wNoGtclM0Qb3nogG9MjV6EJyl+PawZx352Q=
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.22
X-BeenThere: freebsd-perl@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: maintainer of a number of perl-related ports
 <freebsd-perl.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-perl/>
List-Post: <mailto:freebsd-perl@freebsd.org>
List-Help: <mailto:freebsd-perl-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Aug 2016 19:43:41 -0000

Hi There,

Any ideas when the port will be updated to fix this?

perl5-5.20.3_14 is vulnerable:
p5-XSLoader -- local arbitrary code execution
CVE: CVE-2016-6185
WWW: =
https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.ht=
ml

1 problem(s) in the installed packages found.
=3D> Please update your ports tree and try again.
=3D> Note: Vulnerable ports are marked as such even if there is no =
update available.
=3D> If you wish to ignore this vulnerability rebuild with 'make =
DISABLE_VULNERABILITIES=3Dyes'
*** Error code 1

Thanks,

Ken
From owner-freebsd-perl@freebsd.org  Sun Aug 14 19:50:54 2016
Return-Path: <owner-freebsd-perl@freebsd.org>
Delivered-To: freebsd-perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 667ACBBAAD8
 for <freebsd-perl@mailman.ysv.freebsd.org>;
 Sun, 14 Aug 2016 19:50:54 +0000 (UTC) (envelope-from lists@opsec.eu)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 56F76150A
 for <freebsd-perl@freebsd.org>; Sun, 14 Aug 2016 19:50:54 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 565CEBBAAD7; Sun, 14 Aug 2016 19:50:54 +0000 (UTC)
Delivered-To: perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56008BBAAD6
 for <perl@mailman.ysv.freebsd.org>; Sun, 14 Aug 2016 19:50:54 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1C3241508
 for <perl@FreeBSD.org>; Sun, 14 Aug 2016 19:50:54 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: from pi by home.opsec.eu with local (Exim 4.87 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1bZ1Qs-0003qD-G7; Sun, 14 Aug 2016 21:50:54 +0200
Date: Sun, 14 Aug 2016 21:50:54 +0200
From: Kurt Jaeger <lists@opsec.eu>
To: "Ken J." <tweakerz@shaw.ca>
Cc: perl@FreeBSD.org
Subject: Re: perl5-5.20.3_14 has known vulnerabilities
Message-ID: <20160814195054.GJ96200@home.opsec.eu>
References: <79E8A2ABDBA64869B3E252D130AFA7EB@MCS2>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <79E8A2ABDBA64869B3E252D130AFA7EB@MCS2>
X-BeenThere: freebsd-perl@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: maintainer of a number of perl-related ports
 <freebsd-perl.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-perl/>
List-Post: <mailto:freebsd-perl@freebsd.org>
List-Help: <mailto:freebsd-perl-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Aug 2016 19:50:54 -0000

Hi!

> Any ideas when the port will be updated to fix this?

See

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211816

-- 
pi@opsec.eu            +49 171 3101372                         4 years to go !