Date: Thu, 27 Jun 1996 14:03:17 +0200 (MET DST) From: guido@gvr.win.tue.nl (Guido van Rooij) To: hohmuth@inf.tu-dresden.de (Michael Hohmuth) Cc: freebsd-security@FreeBSD.ORG, bugs@sax.sax.de Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd) Message-ID: <199606271203.OAA25884@gvr.win.tue.nl> In-Reply-To: <199606271137.NAA10077@irs.inf.tu-dresden.de> from Michael Hohmuth at "Jun 27, 96 01:37:47 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Can anyone shed some light on what was going on? > > I understand from Guido's post that 2.1.0 is not vulnerable even if > the Perl4 patch has not been allpied. Is this correct? > > If this is the case, I suggest backing out the patch from -stable and > -current as well. > 2.1.0 IS vulnerable!!!!! 2.1.0-current and stable are not vulnerable anymore. That is what I was trying to say. So All official releases that had working suidperl *are* vulnerable. As soon as Paul is back from his trip I'm sure he will post an appropriate advisory. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606271203.OAA25884>