From owner-freebsd-perl@freebsd.org Sun Oct 4 11:50:04 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BE6E7A0EA1B for ; Sun, 4 Oct 2015 11:50:04 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id A8CA914ED for ; Sun, 4 Oct 2015 11:50:04 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id A74E8A0EA1A; Sun, 4 Oct 2015 11:50:04 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A5F3CA0EA19 for ; Sun, 4 Oct 2015 11:50:04 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org (portscout.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 955D814EC for ; Sun, 4 Oct 2015 11:50:04 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org ([127.0.1.123]) by portscout.freebsd.org (8.15.2/8.15.2) with ESMTP id t94Bo4Km080105 for ; Sun, 4 Oct 2015 11:50:04 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.freebsd.org (8.15.2/8.15.2/Submit) id t94Bo4oI080104; Sun, 4 Oct 2015 11:50:04 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201510041150.t94Bo4oI080104@portscout.freebsd.org> X-Authentication-Warning: portscout.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Sun, 4 Oct 2015 11:50:04 +0000 From: portscout@FreeBSD.org To: perl@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Oct 2015 11:50:04 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/perl@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ devel/p5-Minion | 2.0 | 2.01 ------------------------------------------------+-----------------+------------ devel/p5-Perl6-Export-Attrs | 0.0.3 | 0.000004 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-perl@freebsd.org Tue Oct 6 11:19:43 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC9439D02F8 for ; Tue, 6 Oct 2015 11:19:43 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id C63E494C for ; Tue, 6 Oct 2015 11:19:43 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id C5BFB9D02F7; Tue, 6 Oct 2015 11:19:43 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C56049D02F5 for ; Tue, 6 Oct 2015 11:19:43 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org (portscout.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B669A94B for ; Tue, 6 Oct 2015 11:19:43 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org ([127.0.1.123]) by portscout.freebsd.org (8.15.2/8.15.2) with ESMTP id t96BJhbe055123 for ; Tue, 6 Oct 2015 11:19:43 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.freebsd.org (8.15.2/8.15.2/Submit) id t96BJh67055122; Tue, 6 Oct 2015 11:19:43 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201510061119.t96BJh67055122@portscout.freebsd.org> X-Authentication-Warning: portscout.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Tue, 6 Oct 2015 11:19:43 +0000 From: portscout@FreeBSD.org To: perl@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Oct 2015 11:19:44 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/perl@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ devel/p5-DateTime-Format-Strptime | 1.56 | 1.57 ------------------------------------------------+-----------------+------------ devel/p5-Variable-Magic | 0.58 | 0.59 ------------------------------------------------+-----------------+------------ security/p5-Crypt-SMIME | 0.15 | 0.16 ------------------------------------------------+-----------------+------------ textproc/p5-WordNet-Similarity | 2.05 | 2.07 ------------------------------------------------+-----------------+------------ www/p5-Catalyst-View-TT | 0.43 | 0.44 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-perl@freebsd.org Wed Oct 7 10:59:41 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D090D9D1204 for ; Wed, 7 Oct 2015 10:59:41 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id BA50435B for ; Wed, 7 Oct 2015 10:59:41 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id B9E0B9D1203; Wed, 7 Oct 2015 10:59:41 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B98539D1202 for ; Wed, 7 Oct 2015 10:59:41 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org (portscout.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AA78D35A for ; Wed, 7 Oct 2015 10:59:41 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org ([127.0.1.123]) by portscout.freebsd.org (8.15.2/8.15.2) with ESMTP id t97Axffj088246 for ; Wed, 7 Oct 2015 10:59:41 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.freebsd.org (8.15.2/8.15.2/Submit) id t97Axf7v088245; Wed, 7 Oct 2015 10:59:41 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201510071059.t97Axf7v088245@portscout.freebsd.org> X-Authentication-Warning: portscout.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Wed, 7 Oct 2015 10:59:41 +0000 From: portscout@FreeBSD.org To: perl@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2015 10:59:41 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/perl@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ databases/p5-Mojo-Pg | 2.11 | 2.12 ------------------------------------------------+-----------------+------------ devel/p5-Parse-CPAN-Packages-Fast | 0.08 | 0.09 ------------------------------------------------+-----------------+------------ net/p5-SOAP-XML-Client | 2.8 | 2.26 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-perl@freebsd.org Thu Oct 8 10:45:29 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 130429D224C for ; Thu, 8 Oct 2015 10:45:29 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id F0FDF10E9 for ; Thu, 8 Oct 2015 10:45:28 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id F04E99D224A; Thu, 8 Oct 2015 10:45:28 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF16E9D2249 for ; Thu, 8 Oct 2015 10:45:28 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org (portscout.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E052110E8 for ; Thu, 8 Oct 2015 10:45:28 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org ([127.0.1.123]) by portscout.freebsd.org (8.15.2/8.15.2) with ESMTP id t98AjS3p093059 for ; Thu, 8 Oct 2015 10:45:28 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.freebsd.org (8.15.2/8.15.2/Submit) id t98AjSJU093058; Thu, 8 Oct 2015 10:45:28 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201510081045.t98AjSJU093058@portscout.freebsd.org> X-Authentication-Warning: portscout.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Thu, 8 Oct 2015 10:45:28 +0000 From: portscout@FreeBSD.org To: perl@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2015 10:45:29 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/perl@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ devel/p5-namespace-clean | 0.25 | 0.26 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-perl@freebsd.org Fri Oct 9 11:05:17 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CAEA89D2132 for ; Fri, 9 Oct 2015 11:05:17 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B4C07B73 for ; Fri, 9 Oct 2015 11:05:17 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id B41569D2130; Fri, 9 Oct 2015 11:05:17 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2D5B9D212F for ; Fri, 9 Oct 2015 11:05:17 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org (portscout.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A402EB72 for ; Fri, 9 Oct 2015 11:05:17 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.freebsd.org ([127.0.1.123]) by portscout.freebsd.org (8.15.2/8.15.2) with ESMTP id t99B5Hv5092901 for ; Fri, 9 Oct 2015 11:05:17 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.freebsd.org (8.15.2/8.15.2/Submit) id t99B5HST092900; Fri, 9 Oct 2015 11:05:17 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201510091105.t99B5HST092900@portscout.freebsd.org> X-Authentication-Warning: portscout.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Fri, 9 Oct 2015 11:05:17 +0000 From: portscout@FreeBSD.org To: perl@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 11:05:17 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/perl@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ databases/p5-Tangram | 2.10 | 2.11 ------------------------------------------------+-----------------+------------ devel/p5-MooseX-Role-WithOverloading | 0.16 | 0.17 ------------------------------------------------+-----------------+------------ textproc/p5-Text-Similarity | 0.11 | 0.13 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-perl@freebsd.org Fri Oct 9 23:35:34 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B1D9E9D2E70 for ; Fri, 9 Oct 2015 23:35:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 9B3AA1A49 for ; Fri, 9 Oct 2015 23:35:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 985649D2E6F; Fri, 9 Oct 2015 23:35:34 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 97F449D2E6E for ; Fri, 9 Oct 2015 23:35:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 892AE1A48 for ; Fri, 9 Oct 2015 23:35:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t99NZY1e077055 for ; Fri, 9 Oct 2015 23:35:34 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: maintainer-feedback requested: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Fri, 09 Oct 2015 23:35:34 +0000 X-Bugzilla-Type: request Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 23:35:34 -0000 Jason Unovitch has reassigned Bugzilla Automation 's request for maintainer-feedback to perl@FreeBSD.org: Bug 203667: devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 --- Description --- http://www.openwall.com/lists/oss-security/2015/10/08/6 "Use CVE-2008-7315. Note that bug-report discussion debates the question of whether this is a vulnerability. Our feeling is that "I have a script that parses URLs from an e-mail and uses UI::dialog to prompt me to select one. This means that sending me a specially crafted e-mail could cause execution of arbitrary commands" is a plausible use case and that the current documentation at http://search.cpan.org/~kck/UI-Dialog/ doesn't exclude this use case. Also, the code analysis in 107364 suggests that some or all parts of the product were attempting to address input containing ` characters." Commit for CVE-2008-7315 (despite the date, this was assigned yesterday): https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a9976 81eb61 Commit for 1.11 version bump: https://github.com/kckrinke/UI-Dialog/commit/f311ecdaa80b895bf4a0f674e05df4e4e5 4a58c1 Upstream bug for CVE-2008-7315: https://rt.cpan.org/Public/Bug/Display.html?id=107364 From owner-freebsd-perl@freebsd.org Fri Oct 9 23:35:35 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4EF0F9D2E78 for ; Fri, 9 Oct 2015 23:35:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 342741A4E for ; Fri, 9 Oct 2015 23:35:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 3379A9D2E76; Fri, 9 Oct 2015 23:35:35 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3324C9D2E75 for ; Fri, 9 Oct 2015 23:35:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 062561A4C for ; Fri, 9 Oct 2015 23:35:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t99NZYUf077104 for ; Fri, 9 Oct 2015 23:35:34 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Fri, 09 Oct 2015 23:35:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: junovitch@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status keywords bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 23:35:35 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 Bug ID: 203667 Summary: devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: perl@FreeBSD.org Reporter: junovitch@freebsd.org Assignee: perl@FreeBSD.org Flags: maintainer-feedback?(perl@FreeBSD.org) http://www.openwall.com/lists/oss-security/2015/10/08/6 "Use CVE-2008-7315. Note that bug-report discussion debates the question of whether this is a vulnerability. Our feeling is that "I have a script that parses URLs from an e-mail and uses UI::dialog to prompt me to select one. This means that sending me a specially crafted e-mail could cause execution of arbitrary commands" is a plausible use case and that the current documentation at http://search.cpan.org/~kck/UI-Dialog/ doesn't exclude this use case. Also, the code analysis in 107364 suggests that some or all parts of the product were attempting to address input containing ` characters." Commit for CVE-2008-7315 (despite the date, this was assigned yesterday): https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61 Commit for 1.11 version bump: https://github.com/kckrinke/UI-Dialog/commit/f311ecdaa80b895bf4a0f674e05df4e4e54a58c1 Upstream bug for CVE-2008-7315: https://rt.cpan.org/Public/Bug/Display.html?id=107364 -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Fri Oct 9 23:39:33 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F40F19D3129 for ; Fri, 9 Oct 2015 23:39:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D95351B46 for ; Fri, 9 Oct 2015 23:39:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id D895E9D3128; Fri, 9 Oct 2015 23:39:32 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D833D9D3127 for ; Fri, 9 Oct 2015 23:39:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C4D201B45 for ; Fri, 9 Oct 2015 23:39:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t99NdWSr080925 for ; Fri, 9 Oct 2015 23:39:32 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Fri, 09 Oct 2015 23:39:33 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: junovitch@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 23:39:33 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 --- Comment #1 from Jason Unovitch --- CPAN doesn't have the updated release yet despite the version bump on Github. Seems to be some very specific cases for using this for anything nefarious but we minds well and be safe and update to 1.11 as soon as it hits the mirrors. -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Sat Oct 10 07:09:22 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A9CE9D2A03 for ; Sat, 10 Oct 2015 07:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 5F914E12 for ; Sat, 10 Oct 2015 07:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 5CE2F9D2A01; Sat, 10 Oct 2015 07:09:22 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5C7E29D2A00 for ; Sat, 10 Oct 2015 07:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49125E11 for ; Sat, 10 Oct 2015 07:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t9A79M6j071836 for ; Sat, 10 Oct 2015 07:09:22 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Sat, 10 Oct 2015 07:09:22 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: mat@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: resolution bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 07:09:22 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 Mathieu Arnold changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|New |Closed --- Comment #2 from Mathieu Arnold --- Committed patch from github. -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Sat Oct 10 07:09:45 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9AE179D2A9E for ; Sat, 10 Oct 2015 07:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 80079F10 for ; Sat, 10 Oct 2015 07:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 7F6119D2A9C; Sat, 10 Oct 2015 07:09:45 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7F0CE9D2A9B for ; Sat, 10 Oct 2015 07:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6BC64F0F for ; Sat, 10 Oct 2015 07:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t9A79j5p072413 for ; Sat, 10 Oct 2015 07:09:45 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Sat, 10 Oct 2015 07:09:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 07:09:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: mat Date: Sat Oct 10 07:09:20 UTC 2015 New revision: 398978 URL: https://svnweb.freebsd.org/changeset/ports/398978 Log: Apply upstream patch fixing CVE-2008-7315. PR: 203667 Obtained from: https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61 Security: CVE-2008-7315 Sponsored by: Absolight Changes: head/devel/p5-UI-Dialog/Makefile head/devel/p5-UI-Dialog/files/ head/devel/p5-UI-Dialog/files/patch-6adc44cc636c615d76297d86835e1a997681eb61 -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Sat Oct 10 07:10:47 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 426819D2C30 for ; Sat, 10 Oct 2015 07:10:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 27A8410B2 for ; Sat, 10 Oct 2015 07:10:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 26E9C9D2C2F; Sat, 10 Oct 2015 07:10:47 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2685C9D2C2C for ; Sat, 10 Oct 2015 07:10:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12E9410B1 for ; Sat, 10 Oct 2015 07:10:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t9A7Ak7u076169 for ; Sat, 10 Oct 2015 07:10:46 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Sat, 10 Oct 2015 07:10:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 07:10:47 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: mat Date: Sat Oct 10 07:10:19 UTC 2015 New revision: 398979 URL: https://svnweb.freebsd.org/changeset/ports/398979 Log: MFH: r398978 Apply upstream patch fixing CVE-2008-7315. PR: 203667 Obtained from: https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61 Security: CVE-2008-7315 Sponsored by: Absolight Changes: _U branches/2015Q4/ branches/2015Q4/devel/p5-UI-Dialog/Makefile branches/2015Q4/devel/p5-UI-Dialog/files/ -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Sat Oct 10 15:27:45 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C1C4A10A2B for ; Sat, 10 Oct 2015 15:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 01742A1 for ; Sat, 10 Oct 2015 15:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id F2AD1A10A2A; Sat, 10 Oct 2015 15:27:44 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F24C0A10A29 for ; Sat, 10 Oct 2015 15:27:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DF344A0 for ; Sat, 10 Oct 2015 15:27:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t9AFRiZ7015914 for ; Sat, 10 Oct 2015 15:27:44 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: update 1.09 -> 1.11 (CVE-2008-7315) Date: Sat, 10 Oct 2015 15:27:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 15:27:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 --- Comment #5 from commit-hook@freebsd.org --- A commit references this bug: Author: junovitch Date: Sat Oct 10 15:27:11 UTC 2015 New revision: 399004 URL: https://svnweb.freebsd.org/changeset/ports/399004 Log: Document shell command execution via improper escaping in p5-UI-Dialog PR: 203667 Security: CVE-2008-7315 Security: https://vuxml.FreeBSD.org/freebsd/00dadbf0-6f61-11e5-a2a1-002590263bf5.html Changes: head/security/vuxml/vuln.xml -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-perl@freebsd.org Sat Oct 10 15:30:02 2015 Return-Path: Delivered-To: freebsd-perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6601FA10BBC for ; Sat, 10 Oct 2015 15:30:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4B0AD217 for ; Sat, 10 Oct 2015 15:30:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 47F6EA10BBA; Sat, 10 Oct 2015 15:30:02 +0000 (UTC) Delivered-To: perl@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47938A10BB9 for ; Sat, 10 Oct 2015 15:30:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 34136215 for ; Sat, 10 Oct 2015 15:30:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t9AFU2wx018311 for ; Sat, 10 Oct 2015 15:30:02 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 203667] devel/p5-UI-Dialog: patch 1.09 for shell command execution bug (CVE-2008-7315) Date: Sat, 10 Oct 2015 15:30:02 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: junovitch@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: perl@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-perl@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: maintainer of a number of perl-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 15:30:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203667 Jason Unovitch changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|devel/p5-UI-Dialog: update |devel/p5-UI-Dialog: patch |1.09 -> 1.11 |1.09 for shell command |(CVE-2008-7315) |execution bug | |(CVE-2008-7315) --- Comment #6 from Jason Unovitch --- (In reply to Mathieu Arnold from comment #2) Thanks! Post close PR cleanup -- Fix title to reflect this isn't the "1.09 -> 1.11" update -- You are receiving this mail because: You are the assignee for the bug.