old perl vulnerabilitiy
freebsd at tern.ru
freebsd at tern.ru
Mon Mar 18 14:47:08 UTC 2013
Thank you. Now it's fixed.
RS> On (03/15/13 17:30), freebsd at tern.ru wrote:
>>Hello Freebsd-security,
>>
>>I've got portaudit alarm on perl-5.8.9_7 with regard to
>>
>>perl -- denial of service via algorithmic complexity attack on hashing routines.
>>Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
>>
>>But on the other server I have perl-threaded-5.8.9_7
>>and portaudit thinks that it is OK (no problem)
>>
>>Is it correct?
>>It seems to me that threaded perl also should have the same problem.
>>
RS> It does have the same issue. I've corrected the VuXML entry and you
RS> should see updated portaudit results within 30 minutes. Your 5.8.9
RS> perl-threaded installation should also show up as vulnerable to the same
RS> issue.
RS> Thanks!
RS> -r
>>Please advise.
>>
>>PS. I know that it is old and "unsupported" but I don't want to
>> upgrade without serious reason. And, any way, the "behavior" of
>> portaudit seems to me not correct.
>>
>>
>>With best regards,
>>Alexandre Krasnov.
>>
>>
>>_______________________________________________
>>freebsd-security at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
Alexander Krasnov.
More information about the freebsd-security
mailing list