Date: Fri, 22 Jan 2010 15:46:39 +0000 From: Tom Hukins <tom@FreeBSD.org> To: Matthew Seaman <m.seaman@infracaninophile.co.uk>, rihad <rihad@mail.ru>, freebsd-ports@freebsd.org Subject: Re: Using Perl 5.8.8 Message-ID: <20100122154639.GA756@eborcom.com> In-Reply-To: <20100122115408.GY756@eborcom.com> References: <4B587EBE.8040403@mail.ru> <4B588EED.6080602@infracaninophile.co.uk> <20100122115408.GY756@eborcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 22, 2010 at 11:54:08AM +0000, Tom Hukins wrote: > On Thu, Jan 21, 2010 at 05:29:17PM +0000, Matthew Seaman wrote: > > portdowngrade is what you'ld have to use. However, perl-5.8.8 has known > > security vulnerabilities: > > > > http://www.vuxml.org/freebsd/4a99d61c-f23a-11dd-9f55-0030843d3802.html > > It looks like VuXML might have got that wrong. The referenced CVE > describes Perl 5.8.4 as fixing this bug: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448 It looks like I didn't read carefully enough: the vulnerability in rmtree() also exists in 5.8.8: http://www.vuxml.org/freebsd/13b0c8c8-bee0-11dd-a708-001fc66e7203.html Apologies, Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100122154639.GA756>