perl5.10 and CVE-2009-1391
Tom Hukins
tom at FreeBSD.org
Thu Jul 9 14:06:36 UTC 2009
On Wed, Jul 08, 2009 at 07:26:50AM +0200, olli hauer wrote:
> I found an entry for CVE entry for perl5.10 while patching my OpenBSD
> systems.
>
> Quick compare between OpenBSD perl (patched) and FreeBSD port.
I agree this patch looks right, but only because it's the fix that the
perl5-porters applied for this problem:
http://perl5.git.perl.org/perl.git/commitdiff/7efcbeefb3812bba5ff588d00b309f3591f5df08?hp=c966426a3bb6619c8372ea83168fa58260cf133b
FreeBSD should obtain bug fixes directly from software authors, not
from other third party distributors.
It's worth noting that FreeBSD users can also avoid this issue by
upgrading to version 2.017 or above of the archivers/Compress-Raw-Zlib
port.
Tom
More information about the freebsd-perl
mailing list