old perl vulnerabilitiy
freebsd at tern.ru
freebsd at tern.ru
Fri Mar 15 13:40:27 UTC 2013
Hello Freebsd-security,
I've got portaudit alarm on perl-5.8.9_7 with regard to
perl -- denial of service via algorithmic complexity attack on hashing routines.
Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
But on the other server I have perl-threaded-5.8.9_7
and portaudit thinks that it is OK (no problem)
Is it correct?
It seems to me that threaded perl also should have the same problem.
Please advise.
PS. I know that it is old and "unsupported" but I don't want to
upgrade without serious reason. And, any way, the "behavior" of
portaudit seems to me not correct.
With best regards,
Alexandre Krasnov.
More information about the freebsd-security
mailing list