perl vunlnerabilities
Wesley Shields
wxs at atarininja.org
Wed Nov 7 16:16:30 PST 2007
On Wed, Nov 07, 2007 at 02:55:08PM -0500, Wesley Shields wrote:
> On Wed, Nov 07, 2007 at 08:22:23AM -0500, Andy Greenwood wrote:
> > I got the notice this morning like I'm sure a lot of others did, but I had
> > a question. My home computer didn't show anything even after running
> > portaudit -Fa, and I wondered if this is because I'm running perl-threaded
> > on that box. It seems that I should have been notified, since I find it
> > rather unlikely that defining WITH_THREADS changes the regex engine it
> > uses. I have not looked at any code, so this is a wild guess. I'm updating
> > all my perls just in case, but I thought someone should know in case the
> > portaudit db needs to be updated.
>
> The package name changes if you're using threads...
>
> 92 .if defined(WITH_THREADS)
> 93 #XXX .if ${ARCH} == "amd64"
> 94 #XXX IGNORE= Threaded perl does not pass tests on ${ARCH}
> 95 #XXX .endif
> 96 CONFIGURE_ARGS+= -Dusethreads=y
> 97 PKGNAMESUFFIX= -threaded
> 98 # it seems perl malloc has problems with threaded perl on FreeBSD
> 99 .undef WITH_PERL_MALLOC
> 100 .else
> 101 CONFIGURE_ARGS+= -Dusethreads=n
> 102 .endif
>
> Not knowing how portaudit, vuxml, and friends work... Could this be the
> cause?
I just noticed this was addressed:
http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1468&r2=1.1469
-- WXS
More information about the freebsd-ports
mailing list