From owner-freebsd-security@FreeBSD.ORG Mon Mar 18 14:47:08 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 999EFCCF for ; Mon, 18 Mar 2013 14:47:08 +0000 (UTC) (envelope-from freebsd@tern.ru) Received: from ns.tern.ru (ns.tern.ru [89.175.165.150]) by mx1.freebsd.org (Postfix) with ESMTP id 0D246F22 for ; Mon, 18 Mar 2013 14:47:07 +0000 (UTC) Received: from mail.tern.ru (mail.tern.ru [192.168.1.140]) by ns.tern.ru (X/X) with ESMTP id r2IEkxc7025986 for ; Mon, 18 Mar 2013 18:46:59 +0400 (MSK) Received: from mail.tern.ru (root@localhost) by mail.tern.ru (X/X) with SMTP id r2IEkwjR059025 for ; Mon, 18 Mar 2013 18:46:58 +0400 (MSK) Received: from localhost (snork.tern.ru [192.168.1.133]) by mail.tern.ru (X/X) with ESMTP id r2IEkvZW059020; Mon, 18 Mar 2013 18:46:57 +0400 (MSK) Date: Mon, 18 Mar 2013 18:46:56 +0400 From: freebsd@tern.ru Organization: Tern X-Priority: 3 (Normal) Message-ID: <1019401689.20130318184656@tern.ru> To: Ryan Steinmetz Subject: Re: old perl vulnerabilitiy In-Reply-To: <20130315135454.GA41210@exodus.zi0r.com> References: <1472823038.20130315173020@tern.ru> <20130315135454.GA41210@exodus.zi0r.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: freebsd@tern.ru List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Mar 2013 14:47:08 -0000 Thank you. Now it's fixed. RS> On (03/15/13 17:30), freebsd@tern.ru wrote: >>Hello Freebsd-security, >> >>I've got portaudit alarm on perl-5.8.9_7 with regard to >> >>perl -- denial of service via algorithmic complexity attack on hashing routines. >>Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html >> >>But on the other server I have perl-threaded-5.8.9_7 >>and portaudit thinks that it is OK (no problem) >> >>Is it correct? >>It seems to me that threaded perl also should have the same problem. >> RS> It does have the same issue. I've corrected the VuXML entry and you RS> should see updated portaudit results within 30 minutes. Your 5.8.9 RS> perl-threaded installation should also show up as vulnerable to the same RS> issue. RS> Thanks! RS> -r >>Please advise. >> >>PS. I know that it is old and "unsupported" but I don't want to >> upgrade without serious reason. And, any way, the "behavior" of >> portaudit seems to me not correct. >> >> >>With best regards, >>Alexandre Krasnov. >> >> >>_______________________________________________ >>freebsd-security@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-security >>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" Alexander Krasnov.