Date: Thu, 11 Aug 2016 19:55:20 +0000 From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 211561] lang/perl5.20, 5.22 & 5.24: Multiple Vulnerabilities Message-ID: <bug-211561-14331-75AlSw99j5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211561-14331@https.bugs.freebsd.org/bugzilla/> References: <bug-211561-14331@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211561 --- Comment #15 from Andres Montalban <amontalban@gmail.com> --- Hey guys, I have upgraded to latest (perl5-5.20.3_14) but when I run "pkg audit -F" I= get this output: root@SERVER:~ # pkg audit -F vulnxml file up-to-date perl5-5.20.3_14 is vulnerable: p5-XSLoader -- local arbitrary code execution CVE: CVE-2016-6185 WWW: https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html 1 problem(s) in the installed packages found. But two things: 1) I don't have p5-XSLoader package installed: root@SERVER:~ # pkg info -ao | grep p5-XSLoader root@SERVER:~ #=20 2) Seems XSLoader is in perl5.20 package? root@SERVER:~ # pkg info -l perl5 | grep XSLoader /usr/local/lib/perl5/5.20/XSLoader.pm /usr/local/lib/perl5/5.20/perl/man/man3/XSLoader.3.gz So maybe the vuln needs to be updated to not match perl5-5.20.3_14 or remove XSLoader.pm from perl5.20? Looking forward for your comments. Thanks! --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211561-14331-75AlSw99j5>