Date: Fri, 22 Jan 2010 11:54:08 +0000 From: Tom Hukins <tom@FreeBSD.org> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: rihad <rihad@mail.ru>, freebsd-ports@freebsd.org Subject: Re: Using Perl 5.8.8 Message-ID: <20100122115408.GY756@eborcom.com> In-Reply-To: <4B588EED.6080602@infracaninophile.co.uk> References: <4B587EBE.8040403@mail.ru> <4B588EED.6080602@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 21, 2010 at 05:29:17PM +0000, Matthew Seaman wrote: > portdowngrade is what you'ld have to use. However, perl-5.8.8 has known > security vulnerabilities: > > http://www.vuxml.org/freebsd/4a99d61c-f23a-11dd-9f55-0030843d3802.html It looks like VuXML might have got that wrong. The referenced CVE describes Perl 5.8.4 as fixing this bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448 Furthermore, 5.8.9's release notes mention no security fixes: http://search.cpan.org/~nwclark/perl-5.8.9/pod/perl589delta.pod While I can't think of any good reason to prefer 5.8.8 over 5.8.9, the former has no known defects I would describe as "security vulnerabilities". Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100122115408.GY756>