From owner-freebsd-perl@FreeBSD.ORG Thu Jul 9 14:06:36 2009 Return-Path: Delivered-To: freebsd-perl@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 460111065686 for ; Thu, 9 Jul 2009 14:06:36 +0000 (UTC) (envelope-from tom@FreeBSD.org) Received: from eborcom.com (pochard.scrubhole.org [62.3.122.102]) by mx1.freebsd.org (Postfix) with SMTP id 8B2558FC1F for ; Thu, 9 Jul 2009 14:06:35 +0000 (UTC) (envelope-from tom@FreeBSD.org) Received: (qmail 36828 invoked by uid 1001); 9 Jul 2009 13:39:53 -0000 Date: Thu, 9 Jul 2009 14:39:53 +0100 From: Tom Hukins To: freebsd-perl@freebsd.org Message-ID: <20090709133953.GA36133@eborcom.com> Mail-Followup-To: freebsd-perl@freebsd.org References: <20090708052650.GA30758@sorry.mine.nu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090708052650.GA30758@sorry.mine.nu> User-Agent: Mutt/1.4.2.2i Subject: Re: perl5.10 and CVE-2009-1391 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2009 14:06:36 -0000 On Wed, Jul 08, 2009 at 07:26:50AM +0200, olli hauer wrote: > I found an entry for CVE entry for perl5.10 while patching my OpenBSD > systems. > > Quick compare between OpenBSD perl (patched) and FreeBSD port. I agree this patch looks right, but only because it's the fix that the perl5-porters applied for this problem: http://perl5.git.perl.org/perl.git/commitdiff/7efcbeefb3812bba5ff588d00b309f3591f5df08?hp=c966426a3bb6619c8372ea83168fa58260cf133b FreeBSD should obtain bug fixes directly from software authors, not from other third party distributors. It's worth noting that FreeBSD users can also avoid this issue by upgrading to version 2.017 or above of the archivers/Compress-Raw-Zlib port. Tom