Date: Fri, 12 Aug 2016 10:56:12 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r420120 - head/security/vuxml Message-ID: <201608121056.u7CAuCuD092276@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Fri Aug 12 10:56:12 2016 New Revision: 420120 URL: https://svnweb.freebsd.org/changeset/ports/420120 Log: The perl5 release candidate versions also address the XSLoader local arbitrary code execution vulnerability (CVE-2016-6185), as documented in perldelta(1) So perl5.22-5.22.3.r2 and perl5.24-5.24.1.r2 are not vulnerable. I can't confirm if the updates to perl5.18 and perl5.20 also solve the XSLoader bug or not but by inspection of the source code, I don't believe that to be the case. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Aug 12 09:18:47 2016 (r420119) +++ head/security/vuxml/vuln.xml Fri Aug 12 10:56:12 2016 (r420120) @@ -2212,8 +2212,8 @@ Notes: <name>perl5.24</name> <range><ge>5.18</ge><lt>5.18.99</lt></range> <range><ge>5.20</ge><lt>5.20.99</lt></range> - <range><ge>5.22</ge><lt>5.22.3</lt></range> - <range><ge>5.24</ge><lt>5.24.1</lt></range> + <range><ge>5.22</ge><lt>5.22.3.r2</lt></range> + <range><ge>5.24</ge><lt>5.24.1.r2</lt></range> </package> <package> <name>perl5-devel</name> @@ -2240,7 +2240,7 @@ Notes: <dates> <discovery>2016-06-30</discovery> <entry>2016-08-04</entry> - <modified>2016-08-05</modified> + <modified>2016-08-12</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608121056.u7CAuCuD092276>