Date: Fri, 15 Mar 2013 22:55:49 +0900 (JST)
From: moto kawasaki
To: freebsd@tern.ru
Cc: freebsd-security@freebsd.org
Subject: Re: old perl vulnerabilitiy
Message-Id: <20130315.225549.418353022350756440.moto@kawasaki3.org>
In-Reply-To: <1472823038.20130315173020@tern.ru>

Hi,

Did you try "portaudit -Fda", which downloads the newest portaudit database?

portaudit downloads it once every couple of days by default, if my memory is still working.

So, it could be that your first node happened to download the database today, but not the other node.

Thank you!

--
moto kawasaki

From: freebsd@tern.ru
To: freebsd-security@freebsd.org
Subject: old perl vulnerabilitiy
Date: Fri, 15 Mar 2013 17:30:20 +0400
Message-ID: <1472823038.20130315173020@tern.ru>

freebsd> Hello Freebsd-security,
freebsd>
freebsd> I've got portaudit alarm on perl-5.8.9_7 with regard to
freebsd>
freebsd> perl -- denial of service via algorithmic complexity attack on hashing routines.
freebsd> Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
freebsd>
freebsd> But on the other server I have perl-threaded-5.8.9_7
freebsd> and portaudit thinks that it is OK (no problem)
freebsd>
freebsd> Is it correct?
freebsd> It seems to me that threaded perl also should have the same problem.
freebsd>
freebsd> Please advise.
freebsd>
freebsd> PS. I know that it is old and "unsupported" but I don't want to
freebsd> upgrade without serious reason. And, anyway, the "behavior" of
freebsd> portaudit seems to me not correct.
freebsd>
freebsd>
freebsd> With best regards,
freebsd> Alexandre Krasnov.