maintainer-feedback requested: [Bug 211816] devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Aug 13 20:04:10 UTC 2016
dereks at lifeofadishwasher.com has reassigned Bugzilla Automation
<bugzilla at FreeBSD.org>'s request for maintainer-feedback to perl at FreeBSD.org:
Bug 211816: devel/p5-XSLoader remove or update the perl5* <package> section of
vuxml.xml
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211816
--- Description ---
With the release of perl5.{18.4_23,20.3_14,22.3.r2,24.1.r2} and
perl-devel-5.25.3.18 to address CVE-2016-1238 should devel/p5-XSLoader remove
or update the perl5* entries from vid 72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 such
that if you don't have devel/p5-XSLoader installed pkg-audit doesn't trigger
and vulnerably message.
# pkg audit -F
...
perl5-5.20.3_14 is vulnerable:
p5-XSLoader -- local arbitrary code execution
CVE: CVE-2016-6185
WWW:
https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html
...
$ pkg info -x p5-XSLoader
pkg: No package(s) matching p5-XSLoader
It seems that pkg-audit shouldn't be triggered here.
More information about the freebsd-perl
mailing list