Date: Thu, 9 Jul 2009 14:39:53 +0100 From: Tom Hukins <tom@FreeBSD.org> To: freebsd-perl@freebsd.org Subject: Re: perl5.10 and CVE-2009-1391 Message-ID: <20090709133953.GA36133@eborcom.com> In-Reply-To: <20090708052650.GA30758@sorry.mine.nu> References: <20090708052650.GA30758@sorry.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 08, 2009 at 07:26:50AM +0200, olli hauer wrote: > I found an entry for CVE entry for perl5.10 while patching my OpenBSD > systems. > > Quick compare between OpenBSD perl (patched) and FreeBSD port. I agree this patch looks right, but only because it's the fix that the perl5-porters applied for this problem: http://perl5.git.perl.org/perl.git/commitdiff/7efcbeefb3812bba5ff588d00b309f3591f5df08?hp=c966426a3bb6619c8372ea83168fa58260cf133b FreeBSD should obtain bug fixes directly from software authors, not from other third party distributors. It's worth noting that FreeBSD users can also avoid this issue by upgrading to version 2.017 or above of the archivers/Compress-Raw-Zlib port. Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090709133953.GA36133>