[nycbug-talk] insecure perl port?

Pete Wright pete
Tue Feb 1 21:58:16 EST 2005


On Tue, Feb 01, 2005 at 09:56:03PM -0500, Scott Robbins wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, Feb 01, 2005 at 08:37:54PM -0500, Pete Wright wrote:
> > On Thu, Jan 27, 2005 at 03:16:09PM -0500, Pete Wright wrote:
> > > hey has anyone been following this on the list:
> > > 
> > > (from my nightly portaudit)
> > > Affected package: perl-5.8.5
> > > Type of problem: perl -- File::Path insecure file/directory permissions.
> > > Reference: <http://www.FreeBSD.org/ports/portaudit/c418d472-6bd1-11d9-93ca-000a95bc6fae.html>
> > > 
> > > (now i won't tell you which box this on..sorry ;)
> > > i've checked the reference URL and didn't find any more info,
> > > and it does not seem that the port's tree has been updated
> > > to fix this yet (atleast it wasn't a little while ago).  any
> > > ideas?
> 
> > > 
> > 
> > 
> > going to follow up on this one, it appears that as of today (02.01.05)
> > there has been a new perl5.8 port released the version up to 5.8.6.  
> 
> 
> Yes, and still showing a vulnerability, so you'd have to use
> - - -DDISABLE_VULNERABILITIES
> 
> Pete and everyone else, very sorry, I was in error.  A portupgrade
> failed and wasn't perl, thought I saw it properly on the screen, but it
> was another package dependent upon perl. 
> 
> Doing portaudit -Fa after the new port was installed does not give me a
> perl vulnerability.
> 
> Again, my apologies.

ah execellent.  no worries tho scott!

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
917.415.9866




More information about the talk mailing list