From owner-freebsd-security  Wed Jun 26 13:05:42 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA04975
          for security-outgoing; Wed, 26 Jun 1996 13:05:42 -0700 (PDT)
Received: from ns2.harborcom.net (root@ns2.harborcom.net [206.158.4.4])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA04963
          for <freebsd-security@freebsd.org>; Wed, 26 Jun 1996 13:05:34 -0700 (PDT)
Received: from swoosh.dunn.org (swoosh.dunn.org [206.158.7.243]) by ns2.harborcom.net (8.7.4/8.6.12) with SMTP id QAA23146; Wed, 26 Jun 1996 16:05:16 -0400 (EDT)
Message-Id: <199606262005.QAA23146@ns2.harborcom.net>
Comments: Authenticated sender is <dunn@harborcom.net>
From: "Bradley Dunn" <dunn@harborcom.net>
Organization: Harbor Communications
To: Nate Williams <nate@mt.sri.com>
Date: Wed, 26 Jun 1996 16:00:42 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd
Reply-to: dunn@harborcom.net
CC: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Priority: normal
X-mailer: Pegasus Mail for Win32 (v2.31)
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On 26 Jun 96 at 13:14, Nate Williams wrote:

> >     I believe this applies to perl4 as shipped with all versions of
> > FreeBSD, as well as the perl5 packages/ports.  Does anyone know what
> > the actual vulnerability is?
> 
> I don't, but thanks for bringing this up.  I was planning on bringing
> this in but I forgot.  I just applied the suggested change to the
> version of perl in -stable and -current, so it'll be in 2.1.5.

The port should be upgraded to 5.003 as well.

Bradley Dunn <dunn@harborcom.net>