From owner-freebsd-ports@FreeBSD.ORG Fri Jan 22 15:46:45 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2BE4F1065670 for ; Fri, 22 Jan 2010 15:46:45 +0000 (UTC) (envelope-from tom@FreeBSD.org) Received: from eborcom.com (pochard.scrubhole.org [62.3.122.102]) by mx1.freebsd.org (Postfix) with SMTP id 74E1D8FC0C for ; Fri, 22 Jan 2010 15:46:43 +0000 (UTC) Received: (qmail 61075 invoked by uid 1001); 22 Jan 2010 15:46:39 -0000 Date: Fri, 22 Jan 2010 15:46:39 +0000 From: Tom Hukins To: Matthew Seaman , rihad , freebsd-ports@freebsd.org Message-ID: <20100122154639.GA756@eborcom.com> Mail-Followup-To: Matthew Seaman , rihad , freebsd-ports@freebsd.org References: <4B587EBE.8040403@mail.ru> <4B588EED.6080602@infracaninophile.co.uk> <20100122115408.GY756@eborcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100122115408.GY756@eborcom.com> User-Agent: Mutt/1.4.2.2i Cc: Subject: Re: Using Perl 5.8.8 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jan 2010 15:46:45 -0000 On Fri, Jan 22, 2010 at 11:54:08AM +0000, Tom Hukins wrote: > On Thu, Jan 21, 2010 at 05:29:17PM +0000, Matthew Seaman wrote: > > portdowngrade is what you'ld have to use. However, perl-5.8.8 has known > > security vulnerabilities: > > > > http://www.vuxml.org/freebsd/4a99d61c-f23a-11dd-9f55-0030843d3802.html > > It looks like VuXML might have got that wrong. The referenced CVE > describes Perl 5.8.4 as fixing this bug: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448 It looks like I didn't read carefully enough: the vulnerability in rmtree() also exists in 5.8.8: http://www.vuxml.org/freebsd/13b0c8c8-bee0-11dd-a708-001fc66e7203.html Apologies, Tom