[nycbug-talk] insecure perl port?
Pete Wright
pete
Tue Feb 1 20:58:26 EST 2005
On Tue, Feb 01, 2005 at 08:53:54PM -0500, Scott Robbins wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Feb 01, 2005 at 08:37:54PM -0500, Pete Wright wrote:
> > On Thu, Jan 27, 2005 at 03:16:09PM -0500, Pete Wright wrote:
> > > hey has anyone been following this on the list:
> > >
> > > (from my nightly portaudit)
> > > Affected package: perl-5.8.5
> > > Type of problem: perl -- File::Path insecure file/directory permissions.
> > > Reference: <http://www.FreeBSD.org/ports/portaudit/c418d472-6bd1-11d9-93ca-000a95bc6fae.html>
> > >
> > > (now i won't tell you which box this on..sorry ;)
> > > i've checked the reference URL and didn't find any more info,
> > > and it does not seem that the port's tree has been updated
> > > to fix this yet (atleast it wasn't a little while ago). any
> > > ideas?
>
> > >
> >
> >
> > going to follow up on this one, it appears that as of today (02.01.05)
> > there has been a new perl5.8 port released the version up to 5.8.6.
>
>
> Yes, and still showing a vulnerability, so you'd have to use
> - - -DDISABLE_VULNERABILITIES
>
> Wow, I have a lot of ports depending on perl.
>
grrr...that's kinda upsetting. does anyone know if this is an issue
that is being worked on seriously with the perl devs, what little info
i've gotten from the bug report it sounds like a pretty serious issue.
-pete
--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
917.415.9866
More information about the talk
mailing list