Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 13 Aug 2016 20:04:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 211816] devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml
Message-ID:  <bug-211816-13@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211816

            Bug ID: 211816
           Summary: devel/p5-XSLoader remove or update the perl5*
                    <package> section of vuxml.xml
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: perl@FreeBSD.org
          Reporter: dereks@lifeofadishwasher.com
             Flags: maintainer-feedback?(perl@FreeBSD.org)
          Assignee: perl@FreeBSD.org

With the release of perl5.{18.4_23,20.3_14,22.3.r2,24.1.r2} and
perl-devel-5.25.3.18 to address CVE-2016-1238 should devel/p5-XSLoader remo=
ve
or update the perl5* entries from vid 72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 =
such
that if you don't have devel/p5-XSLoader installed pkg-audit doesn't trigger
and vulnerably message.

# pkg audit -F

...
perl5-5.20.3_14 is vulnerable:
p5-XSLoader -- local arbitrary code execution
CVE: CVE-2016-6185
WWW:
https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html
...

$ pkg info -x p5-XSLoader
pkg: No package(s) matching p5-XSLoader

It seems that pkg-audit shouldn't be triggered here.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211816-13>