Date: Sat, 13 Aug 2016 20:04:09 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 211816] devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml Message-ID: <bug-211816-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211816 Bug ID: 211816 Summary: devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: perl@FreeBSD.org Reporter: dereks@lifeofadishwasher.com Flags: maintainer-feedback?(perl@FreeBSD.org) Assignee: perl@FreeBSD.org With the release of perl5.{18.4_23,20.3_14,22.3.r2,24.1.r2} and perl-devel-5.25.3.18 to address CVE-2016-1238 should devel/p5-XSLoader remo= ve or update the perl5* entries from vid 72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 = such that if you don't have devel/p5-XSLoader installed pkg-audit doesn't trigger and vulnerably message. # pkg audit -F ... perl5-5.20.3_14 is vulnerable: p5-XSLoader -- local arbitrary code execution CVE: CVE-2016-6185 WWW: https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html ... $ pkg info -x p5-XSLoader pkg: No package(s) matching p5-XSLoader It seems that pkg-audit shouldn't be triggered here. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211816-13>