use Perl

• I just googled for this (Score:1)

  by btilly (5037)

  I quickly found http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116 [mitre.org] from which I went to https://bugzilla.redhat.com/show_bug.cgi?id=323571 [redhat.com] which has a link to https://bugzilla.redhat.com/attachment.cgi?id=255541 [redhat.com] which has the patch that Red Hat used.
  
  I don't know why this isn't hasn't been addressed in an official Perl release. (5.8.9 anyone?)
  • Re: (Score:1)

    by n1vux (1492)

    Ben,
    
    Google is your friend.
    
    See comment up and over.
    
    Bill

    --
    Bill
    # I had a sig when sigs were cool
    use Sig;
• The patch is in ... but not there yet (Score:1)

  by n1vux (1492)

  Google is your friend. Not only did they report the bug, Google-fu tells me Fix is in [activestate.com] 5.10 RC1 and RC2 (haven't looked back into 5.9.x other than 5.9.1, not in).

  Nicholas applied the patch to maint-58 [activestate.com] on 11/06.

  I haven't heard what if any plan there is for a 5.8.9 as you suggest - CPAN regression testing is pretty busy with 5.10-RC2. Vendors / downstream distros are applying the patch to their 5.8.8+, as they should. If you have a security-critical perl app that isn't carefully untainting user-supplied

  --
  Bill
  # I had a sig when sigs were cool
  use Sig;
  • Re: (Score:1)

    by ddick (5726)

    Thanks Bill.
    • Re:The patch is in ... AND IS there NOW (Score:1)

      by n1vux (1492)

      You probably already saw the update [perl.org] on frontpage, but just to complete the chain/reference *Patch Announced* [perl.org].

      Google didn't find the 11/15 p5p msg [perl.org] the other day, but it does now.

      --
      Bill
      # I had a sig when sigs were cool
      use Sig;