From owner-freebsd-perl@freebsd.org  Thu Jun  1 03:29:49 2017
Return-Path: <owner-freebsd-perl@freebsd.org>
Delivered-To: freebsd-perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A267BF35FB
 for <freebsd-perl@mailman.ysv.freebsd.org>;
 Thu,  1 Jun 2017 03:29:49 +0000 (UTC) (envelope-from lists@opsec.eu)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 687207884F
 for <freebsd-perl@freebsd.org>; Thu,  1 Jun 2017 03:29:49 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 679DEBF35FA; Thu,  1 Jun 2017 03:29:49 +0000 (UTC)
Delivered-To: perl@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 67144BF35F9
 for <perl@mailman.ysv.freebsd.org>; Thu,  1 Jun 2017 03:29:49 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 305987884E
 for <perl@freebsd.org>; Thu,  1 Jun 2017 03:29:49 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: from pi by home.opsec.eu with local (Exim 4.89 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1dGGnx-0009LD-I4; Thu, 01 Jun 2017 05:29:45 +0200
Date: Thu, 1 Jun 2017 05:29:45 +0200
From: Kurt Jaeger <lists@opsec.eu>
To: James E Keenan <jkeenan@pobox.com>
Cc: perl@freebsd.org
Subject: Re: Perl extension File-Path: vulnerability in two functions:
 CVE-2017-6512
Message-ID: <20170601032945.GG43031@home.opsec.eu>
References: <bea10dd0-fe1d-9c44-1b5d-92e872cb64cb@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bea10dd0-fe1d-9c44-1b5d-92e872cb64cb@pobox.com>
X-BeenThere: freebsd-perl@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: maintainer of a number of perl-related ports
 <freebsd-perl.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-perl/>
List-Post: <mailto:freebsd-perl@freebsd.org>
List-Help: <mailto:freebsd-perl-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-perl>,
 <mailto:freebsd-perl-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jun 2017 03:29:49 -0000

Hi!

> A vulnerability has been reported in Perl extension File-Path 
> (http://search.cpan.org/dist/File-Path/) versions 2.12 and earlier.
[...]
> This is the first time I have had to report a security vulnerability, so 
> I don't claim to fully grasp the protocol for making such a report.  If 
> there is a better email address or other way to make this report, please 
> let me know.

I've committed an update to 2.13 for the port devel/p5-File-Path.

In general, it helps if you submit a problem report via bugs.freebsd.org,
to track the issue.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !