[nycbug-talk] insecure perl port?

Scott Robbins scottro
Tue Feb 1 20:53:54 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Feb 01, 2005 at 08:37:54PM -0500, Pete Wright wrote:
> On Thu, Jan 27, 2005 at 03:16:09PM -0500, Pete Wright wrote:
> > hey has anyone been following this on the list:
> > 
> > (from my nightly portaudit)
> > Affected package: perl-5.8.5
> > Type of problem: perl -- File::Path insecure file/directory permissions.
> > Reference: <http://www.FreeBSD.org/ports/portaudit/c418d472-6bd1-11d9-93ca-000a95bc6fae.html>
> > 
> > (now i won't tell you which box this on..sorry ;)
> > i've checked the reference URL and didn't find any more info,
> > and it does not seem that the port's tree has been updated
> > to fix this yet (atleast it wasn't a little while ago).  any
> > ideas?

> > 
> 
> 
> going to follow up on this one, it appears that as of today (02.01.05)
> there has been a new perl5.8 port released the version up to 5.8.6.  


Yes, and still showing a vulnerability, so you'd have to use
- - -DDISABLE_VULNERABILITIES

Wow, I have a lot of ports depending on perl.    

- - -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: She must be right. We must have some kind of
amnesia.
Buffy: I don't know what that is, but I'm certain I don't have it. I
bathe quite
often.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCADFk+lTVdes0Z9YRAh6xAJ4poMOM3Zrjg8jvQE6JE2sfJSq6LwCfbOwq
5h5+MeBiqgOgEU7G54LONKs=
=QpPm
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCADKy+lTVdes0Z9YRAvPcAKCz8LVg85VgtIPkEsGbVPCcwHkVvACgmcg+
x/a7KTT9n78F/GHeTZE4i3E=
=0LzC
-----END PGP SIGNATURE-----




More information about the talk mailing list