On (03/15/13 17:30), free...@tern.ru wrote:
Hello Freebsd-security,
I've got portaudit alarm on perl-5.8.9_7 with regard to
perl -- denial of service via algorithmic complexity attack on hashing routines.
Reference:
http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
But on the other server I have perl-threaded-5.8.9_7
and portaudit thinks that it is OK (no problem)
Is it correct?
It seems to me that threaded perl also should have the same problem.
It does have the same issue. I've corrected the VuXML entry and you
should see updated portaudit results within 30 minutes. Your 5.8.9
perl-threaded installation should also show up as vulnerable to the same
issue.
Thanks!
-r
Please advise.
PS. I know that it is old and "unsupported" but I don't want to
upgrade without serious reason. And, any way, the "behavior" of
portaudit seems to me not correct.
With best regards,
Alexandre Krasnov.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
--
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
