[Bug 211816] devel/p5-XSLoader remove or update the perl5* <package> section of vuxml.xml

Sat Aug 13 20:04:10 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211816

            Bug ID: 211816
           Summary: devel/p5-XSLoader remove or update the perl5*
                    <package> section of vuxml.xml
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: perl at FreeBSD.org
          Reporter: dereks at lifeofadishwasher.com
             Flags: maintainer-feedback?(perl at FreeBSD.org)
          Assignee: perl at FreeBSD.org

With the release of perl5.{18.4_23,20.3_14,22.3.r2,24.1.r2} and
perl-devel-5.25.3.18 to address CVE-2016-1238 should devel/p5-XSLoader remove
or update the perl5* entries from vid 72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 such
that if you don't have devel/p5-XSLoader installed pkg-audit doesn't trigger
and vulnerably message.

# pkg audit -F

...
perl5-5.20.3_14 is vulnerable:
p5-XSLoader -- local arbitrary code execution
CVE: CVE-2016-6185
WWW:
https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html
...

$ pkg info -x p5-XSLoader
pkg: No package(s) matching p5-XSLoader

It seems that pkg-audit shouldn't be triggered here.

-- 
You are receiving this mail because:
You are the assignee for the bug.