Using Perl 5.8.8
Tom Hukins
tom at FreeBSD.org
Fri Jan 22 15:46:45 UTC 2010
On Fri, Jan 22, 2010 at 11:54:08AM +0000, Tom Hukins wrote:
> On Thu, Jan 21, 2010 at 05:29:17PM +0000, Matthew Seaman wrote:
> > portdowngrade is what you'ld have to use. However, perl-5.8.8 has known
> > security vulnerabilities:
> >
> > http://www.vuxml.org/freebsd/4a99d61c-f23a-11dd-9f55-0030843d3802.html
>
> It looks like VuXML might have got that wrong. The referenced CVE
> describes Perl 5.8.4 as fixing this bug:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
It looks like I didn't read carefully enough: the vulnerability in
rmtree() also exists in 5.8.8:
http://www.vuxml.org/freebsd/13b0c8c8-bee0-11dd-a708-001fc66e7203.html
Apologies,
Tom
More information about the freebsd-ports
mailing list