From owner-freebsd-security Thu Apr 24 08:58:39 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA12939 for security-outgoing; Thu, 24 Apr 1997 08:58:39 -0700 (PDT) Received: from phobos.frii.com (phobos.frii.com [204.144.241.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA12928 for ; Thu, 24 Apr 1997 08:58:35 -0700 (PDT) From: gnat@frii.com Received: from elara.frii.com (elara.frii.com [204.144.241.9]) by phobos.frii.com (8.8.5/8.8.4) with ESMTP id JAA22120; Thu, 24 Apr 1997 09:55:24 -0600 (MDT) Received: (from gnat@localhost) by elara.frii.com (8.8.5/8.6.9) id JAA07930; Thu, 24 Apr 1997 09:55:24 -0600 (MDT) Date: Thu, 24 Apr 1997 09:55:24 -0600 (MDT) Message-Id: <199704241555.JAA07930@elara.frii.com> To: Shadow Lord Cc: freebsd-security@freebsd.org Subject: Re: sperl buffer overflow In-Reply-To: <199704240541.BAA20967@insanity.dorm.umd.edu> References: <199704240541.BAA20967@insanity.dorm.umd.edu> Mime-Version: 1.0 (generated by tm-edit 7.103) Content-Type: text/plain; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Shadow Lord writes: > I cvsupped the latest 2.2 release, and it doesn't seem to have any > changes for sperl. Is this in the process of being fixed? As a paid-up memeber of the Perl Porters list, I can safely say that a fix for 5.003 (and a release of 5.004) are highly imminent. By that I mean, a week tops, but most likely within a day or two. Eagle eyed folks are going over the source with a fine-toothed comb looking for other buffer overflows even as we speak. Nat