From owner-freebsd-questions@freebsd.org Thu Aug 11 19:17:43 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56D84BB6159; Thu, 11 Aug 2016 19:17:43 +0000 (UTC) (envelope-from dweimer@dweimer.net) Received: from webmail.dweimer.net (24-240-198-188.static.stls.mo.charter.com [24.240.198.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2872412DC; Thu, 11 Aug 2016 19:17:42 +0000 (UTC) (envelope-from dweimer@dweimer.net) Received: from webmail.dweimer.local (localhost [10.9.5.2]) by webmail.dweimer.net (8.15.2/8.15.2) with ESMTPS id u7BIwqEG029425 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 11 Aug 2016 13:58:52 -0500 (CDT) (envelope-from dweimer@dweimer.net) Received: (from www@localhost) by webmail.dweimer.local (8.15.2/8.15.2/Submit) id u7BIwpgX029423; Thu, 11 Aug 2016 13:58:51 -0500 (CDT) (envelope-from dweimer@dweimer.net) X-Authentication-Warning: webmail.dweimer.local: www set sender to dweimer@dweimer.net using -f To: JosC Subject: Re: Upgrade Perl5.2.20 (vulnerable) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 11 Aug 2016 13:58:51 -0500 From: "Dean E. Weimer" Cc: "freebsd-questions@FreeBSD.org" , owner-freebsd-questions@freebsd.org Organization: dweimer.net Reply-To: dweimer@dweimer.net Mail-Reply-To: dweimer@dweimer.net In-Reply-To: References: Message-ID: <98acd0e6bcc55fb1140210c315c2e1e5@dweimer.net> X-Sender: dweimer@dweimer.net User-Agent: Roundcube Webmail/1.2.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Aug 2016 19:17:43 -0000 On 2016-08-11 1:43 pm, JosC wrote: > Can someone tell me how to best upgrade from Perl5.20.x to the latest > stable version? > > Tried to upgrade to Perl5.22 but got (also) the same issue while doing > so: > > > ===> Cleaning for perl5-5.20.3_14 > ===> perl5-5.20.3_14 has known vulnerabilities: > perl5-5.20.3_14 is vulnerable: > p5-XSLoader -- local arbitrary code execution > CVE: CVE-2016-6185 > WWW: > https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html > > perl5-5.20.3_14 is vulnerable: > perl -- local arbitrary code execution > CVE: CVE-2016-1238 > WWW: > https://vuxml.FreeBSD.org/freebsd/72bfbb09-5a6a-11e6-a6c3-14dae9d210b8.html > > 1 problem(s) in the installed packages found. > => Please update your ports tree and try again. > => Note: Vulnerable ports are marked as such even if there is no > update available. > => If you wish to ignore this vulnerability rebuild with 'make > DISABLE_VULNERABILITIES=yes' > *** Error code 1 > > Stop. > make[1]: stopped in /usr/ports/lang/perl5.20 > *** Error code 1 > > Stop. > make: stopped in /usr/ports/lang/perl5.20 > > --- cut --- > > > Thanks, > Jos Chrispijn Looks like they just updated all the perl ports to a release candidate version to fix this, as in 20 to 30 minutes ago. -- Thanks, Dean E. Weimer http://www.dweimer.net/