Date: Mon, 18 Mar 2013 18:46:56 +0400 From: freebsd@tern.ru To: Ryan Steinmetz <zi@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: old perl vulnerabilitiy Message-ID: <1019401689.20130318184656@tern.ru> In-Reply-To: <20130315135454.GA41210@exodus.zi0r.com> References: <1472823038.20130315173020@tern.ru> <20130315135454.GA41210@exodus.zi0r.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you. Now it's fixed. RS> On (03/15/13 17:30), freebsd@tern.ru wrote: >>Hello Freebsd-security, >> >>I've got portaudit alarm on perl-5.8.9_7 with regard to >> >>perl -- denial of service via algorithmic complexity attack on hashing routines. >>Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html >> >>But on the other server I have perl-threaded-5.8.9_7 >>and portaudit thinks that it is OK (no problem) >> >>Is it correct? >>It seems to me that threaded perl also should have the same problem. >> RS> It does have the same issue. I've corrected the VuXML entry and you RS> should see updated portaudit results within 30 minutes. Your 5.8.9 RS> perl-threaded installation should also show up as vulnerable to the same RS> issue. RS> Thanks! RS> -r >>Please advise. >> >>PS. I know that it is old and "unsupported" but I don't want to >> upgrade without serious reason. And, any way, the "behavior" of >> portaudit seems to me not correct. >> >> >>With best regards, >>Alexandre Krasnov. >> >> >>_______________________________________________ >>freebsd-security@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-security >>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" Alexander Krasnov.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1019401689.20130318184656>