[nycbug-talk] insecure perl port?
Scott Robbins
scottro
Tue Feb 1 21:56:03 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Feb 01, 2005 at 08:37:54PM -0500, Pete Wright wrote:
> On Thu, Jan 27, 2005 at 03:16:09PM -0500, Pete Wright wrote:
> > hey has anyone been following this on the list:
> >
> > (from my nightly portaudit)
> > Affected package: perl-5.8.5
> > Type of problem: perl -- File::Path insecure file/directory permissions.
> > Reference: <http://www.FreeBSD.org/ports/portaudit/c418d472-6bd1-11d9-93ca-000a95bc6fae.html>
> >
> > (now i won't tell you which box this on..sorry ;)
> > i've checked the reference URL and didn't find any more info,
> > and it does not seem that the port's tree has been updated
> > to fix this yet (atleast it wasn't a little while ago). any
> > ideas?
> >
>
>
> going to follow up on this one, it appears that as of today (02.01.05)
> there has been a new perl5.8 port released the version up to 5.8.6.
Yes, and still showing a vulnerability, so you'd have to use
- - -DDISABLE_VULNERABILITIES
Pete and everyone else, very sorry, I was in error. A portupgrade
failed and wasn't perl, thought I saw it properly on the screen, but it
was another package dependent upon perl.
Doing portaudit -Fa after the new port was installed does not give me a
perl vulnerability.
Again, my apologies.
- - --
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Xander: She must be right. We must have some kind of
amnesia.
Buffy: I don't know what that is, but I'm certain I don't have it. I
bathe quite
often.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQFCADFk+lTVdes0Z9YRAh6xAJ4poMOM3Zrjg8jvQE6JE2sfJSq6LwCfbOwq
5h5+MeBiqgOgEU7G54LONKs=
=QpPm
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQFCADKy+lTVdes0Z9YRAvPcAKCz8LVg85VgtIPkEsGbVPCcwHkVvACgmcg+
x/a7KTT9n78F/GHeTZE4i3E=
=0LzC
-----END PGP SIGNATURE-----
More information about the talk
mailing list