[Bug 211561] lang/perl5.20, 5.22 & 5.24: Multiple Vulnerabilities
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Aug 11 19:55:20 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211561
--- Comment #15 from Andres Montalban <amontalban at gmail.com> ---
Hey guys,
I have upgraded to latest (perl5-5.20.3_14) but when I run "pkg audit -F" I get
this output:
root at SERVER:~ # pkg audit -F
vulnxml file up-to-date
perl5-5.20.3_14 is vulnerable:
p5-XSLoader -- local arbitrary code execution
CVE: CVE-2016-6185
WWW:
https://vuxml.FreeBSD.org/freebsd/3e08047f-5a6c-11e6-a6c3-14dae9d210b8.html
1 problem(s) in the installed packages found.
But two things:
1) I don't have p5-XSLoader package installed:
root at SERVER:~ # pkg info -ao | grep p5-XSLoader
root at SERVER:~ #
2) Seems XSLoader is in perl5.20 package?
root at SERVER:~ # pkg info -l perl5 | grep XSLoader
/usr/local/lib/perl5/5.20/XSLoader.pm
/usr/local/lib/perl5/5.20/perl/man/man3/XSLoader.3.gz
So maybe the vuln needs to be updated to not match perl5-5.20.3_14 or remove
XSLoader.pm from perl5.20?
Looking forward for your comments.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
More information about the freebsd-perl
mailing list