From owner-freebsd-security  Wed Jun 26 13:07:35 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA05097
          for security-outgoing; Wed, 26 Jun 1996 13:07:35 -0700 (PDT)
Received: from rocky.mt.sri.com (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA05084
          for <freebsd-security@freebsd.org>; Wed, 26 Jun 1996 13:07:31 -0700 (PDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id OAA05767; Wed, 26 Jun 1996 14:06:46 -0600 (MDT)
Date: Wed, 26 Jun 1996 14:06:46 -0600 (MDT)
Message-Id: <199606262006.OAA05767@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: dunn@harborcom.net
Cc: Nate Williams <nate@mt.sri.com>,
        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd
In-Reply-To: <199606262005.QAA23146@ns2.harborcom.net>
References: <199606262005.QAA23146@ns2.harborcom.net>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Bradley Dunn writes:
> On 26 Jun 96 at 13:14, Nate Williams wrote:
> 
> > >     I believe this applies to perl4 as shipped with all versions of
> > > FreeBSD, as well as the perl5 packages/ports.  Does anyone know what
> > > the actual vulnerability is?
> > 
> > I don't, but thanks for bringing this up.  I was planning on bringing
> > this in but I forgot.  I just applied the suggested change to the
> > version of perl in -stable and -current, so it'll be in 2.1.5.
> 
> The port should be upgraded to 5.003 as well.

I'm not a ports dude. Send email to satoshi and/or gary about the ports.


Nate