old perl vulnerabilitiy

看板FB_security作者時間12年前 (2013/04/27 12:34), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/5 (看更多)
Hello Freebsd-security, I've got portaudit alarm on perl-5.8.9_7 with regard to perl -- denial of service via algorithmic complexity attack on hashing routines. Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html But on the other server I have perl-threaded-5.8.9_7 and portaudit thinks that it is OK (no problem) Is it correct? It seems to me that threaded perl also should have the same problem. Please advise. PS. I know that it is old and "unsupported" but I don't want to upgrade without serious reason. And, any way, the "behavior" of portaudit seems to me not correct. With best regards, Alexandre Krasnov. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 freebsd. 的文章
文章代碼(AID): #1HUrLCzq (FB_security)
更多 freebsd. 的文章
文章代碼(AID): #1HUrLCzq (FB_security)