Date: Thu, 4 Aug 2016 17:52:36 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r419639 - head/security/vuxml Message-ID: <201608041752.u74Hqawo040051@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Thu Aug 4 17:52:36 2016 New Revision: 419639 URL: https://svnweb.freebsd.org/changeset/ports/419639 Log: Document perl vulnerability PR: 211561 Security: CVE-2016-1238 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 4 17:48:00 2016 (r419638) +++ head/security/vuxml/vuln.xml Thu Aug 4 17:52:36 2016 (r419639) @@ -58,6 +58,45 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="72bfbb09-5a6a-11e6-a6c3-14dae9d210b8"> + <topic>perl -- local arbitrary code execution</topic> + <affects> + <package> + <name>perl5.18</name> + <name>perl5.20</name> + <name>perl5-devel</name> + <range><ge>0</ge></range> + </package> + <package> + <name>perl5.22</name> + <range><lt>5.22.3</lt></range> + </package> + <package> + <name>perl5.24</name> + <range><lt>5.24.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Sawyer X reports:</p> + <blockquote cite="http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html">; + <p>Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do + not properly remove . (period) characters from the end of the includes + directory array, which might allow local users to gain privileges via a + Trojan horse module under the current working directory.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html</url>; + <cvename>CVE-2016-1238</cvename> + </references> + <dates> + <discovery>2016-07-21</discovery> + <entry>2016-08-04</entry> + </dates> + </vuln> + <vuln vid="556d2286-5a51-11e6-a6c3-14dae9d210b8"> <topic>gd -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608041752.u74Hqawo040051>