From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199606262206.AAA24375@gvr.win.tue.nl>
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
To: nate@mt.sri.com (Nate Williams)
Date: Thu, 27 Jun 1996 00:06:49 +0200 (MET DST)
Cc: taob@io.org, freebsd-security@FreeBSD.ORG
In-Reply-To: <199606261914.NAA05459@rocky.mt.sri.com> from Nate Williams at "Jun 26, 96 01:14:32 pm"

Nate Williams wrote:
> > I believe this applies to perl4 as shipped with all versions of
> > FreeBSD, as well as the perl5 packages/ports. Does anyone know what
> > the actual vulnerability is?
>
> I don't, but thanks for bringing this up. I was planning on bringing
> this in but I forgot. I just applied the suggested change to the
> version of perl in -stable and -current, so it'll be in 2.1.5.
>

We already were no longer vulnerable. However, the applied fix won't hurt.

-Guido