Date: Fri, 15 Mar 2013 22:55:49 +0900 (JST) From: moto kawasaki <moto@kawasaki3.org> To: freebsd@tern.ru Cc: freebsd-security@freebsd.org Subject: Re: old perl vulnerabilitiy Message-ID: <20130315.225549.418353022350756440.moto@kawasaki3.org> In-Reply-To: <1472823038.20130315173020@tern.ru> References: <1472823038.20130315173020@tern.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Did you try "portaudit -Fda", which downloads the newest portaudit database. portaudit downloads it once a couple of days by default, if my memory is still working. So, it could be your first node happens to download database today, but not the other node. Thank you! -- moto kawasaki <moto@kawasaki3.org> From: freebsd@tern.ru To: freebsd-security@freebsd.org Subject: old perl vulnerabilitiy Date:Fri, 15 Mar 2013 17:30:20 +0400 Message-ID: <1472823038.20130315173020@tern.ru> freebsd> Hello Freebsd-security, freebsd> freebsd> I've got portaudit alarm on perl-5.8.9_7 with regard to freebsd> freebsd> perl -- denial of service via algorithmic complexity attack on hashing routines. freebsd> Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html freebsd> freebsd> But on the other server I have perl-threaded-5.8.9_7 freebsd> and portaudit thinks that it is OK (no problem) freebsd> freebsd> Is it correct? freebsd> It seems to me that threaded perl also should have the same problem. freebsd> freebsd> Please advise. freebsd> freebsd> PS. I know that it is old and "unsupported" but I don't want to freebsd> upgrade without serious reason. And, any way, the "behavior" of freebsd> portaudit seems to me not correct. freebsd> freebsd> freebsd> With best regards, freebsd> Alexandre Krasnov. freebsd> freebsd> freebsd> _______________________________________________ freebsd> freebsd-security@freebsd.org mailing list freebsd> http://lists.freebsd.org/mailman/listinfo/freebsd-security freebsd> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130315.225549.418353022350756440.moto>