Date: Sat, 13 Aug 2016 20:04:09 +0000 From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: maintainer-feedback requested: [Bug 211816] devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml Message-ID: <bug-211816-14331-omh20jwXz4@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211816-14331@https.bugs.freebsd.org/bugzilla/> References: <bug-211816-14331@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
dereks@lifeofadishwasher.com has reassigned Bugzilla Automation <bugzilla@FreeBSD.org>'s request for maintainer-feedback to perl@FreeBSD.or= g: Bug 211816: devel/p5-XSLoader remove or update the perl5* <package> section= of vuxml.xml https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211816 --- Description --- With the release of perl5.{18.4_23,20.3_14,22.3.r2,24.1.r2} and perl-devel-5.25.3.18 to address CVE-2016-1238 should devel/p5-XSLoader remo= ve or update the perl5* entries from vid 72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 = such that if you don't have devel/p5-XSLoader installed pkg-audit doesn't trigger and vulnerably message. # pkg audit -F ... perl5-5.20.3_14 is vulnerable: p5-XSLoader -- local arbitrary code execution CVE: CVE-2016-6185 WWW: https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html ... $ pkg info -x p5-XSLoader pkg: No package(s) matching p5-XSLoader It seems that pkg-audit shouldn't be triggered here.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211816-14331-omh20jwXz4>