svn commit: r420120 - head/security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Fri Aug 12 10:56:13 UTC 2016
Author: matthew
Date: Fri Aug 12 10:56:12 2016
New Revision: 420120
URL: https://svnweb.freebsd.org/changeset/ports/420120
Log:
The perl5 release candidate versions also address the XSLoader local
arbitrary code execution vulnerability (CVE-2016-6185), as documented
in perldelta(1)
So perl5.22-5.22.3.r2 and perl5.24-5.24.1.r2 are not vulnerable.
I can't confirm if the updates to perl5.18 and perl5.20 also solve the
XSLoader bug or not but by inspection of the source code, I don't
believe that to be the case.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Aug 12 09:18:47 2016 (r420119)
+++ head/security/vuxml/vuln.xml Fri Aug 12 10:56:12 2016 (r420120)
@@ -2212,8 +2212,8 @@ Notes:
<name>perl5.24</name>
<range><ge>5.18</ge><lt>5.18.99</lt></range>
<range><ge>5.20</ge><lt>5.20.99</lt></range>
- <range><ge>5.22</ge><lt>5.22.3</lt></range>
- <range><ge>5.24</ge><lt>5.24.1</lt></range>
+ <range><ge>5.22</ge><lt>5.22.3.r2</lt></range>
+ <range><ge>5.24</ge><lt>5.24.1.r2</lt></range>
</package>
<package>
<name>perl5-devel</name>
@@ -2240,7 +2240,7 @@ Notes:
<dates>
<discovery>2016-06-30</discovery>
<entry>2016-08-04</entry>
- <modified>2016-08-05</modified>
+ <modified>2016-08-12</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list