* [SECURITY] perl: CVE-2016-2381
@ 2016-03-07 5:34 Yaakov Selkowitz
2016-03-07 18:17 ` Achim Gratz
0 siblings, 1 reply; 4+ messages in thread
From: Yaakov Selkowitz @ 2016-03-07 5:34 UTC (permalink / raw)
To: cygwin-apps
Achim,
A security vulnerability has been made public for perl:
https://bugzilla.redhat.com/show_bug.cgi?id=1309214
http://pkgs.fedoraproject.org/cgit/rpms/perl.git/plain/perl-5.23.8-remove-duplicate-environment-variables-from-environ.patch?h=f23
--
Yaakov
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [SECURITY] perl: CVE-2016-2381
2016-03-07 5:34 [SECURITY] perl: CVE-2016-2381 Yaakov Selkowitz
@ 2016-03-07 18:17 ` Achim Gratz
2016-03-08 17:59 ` Achim Gratz
0 siblings, 1 reply; 4+ messages in thread
From: Achim Gratz @ 2016-03-07 18:17 UTC (permalink / raw)
To: cygwin-apps
Yaakov Selkowitz writes:
> A security vulnerability has been made public for perl:
I've asked on p5p what the plan is for another 5.22 release. If that's
too far off, I'll just patch 5.22.1, otherwise I'll wait for these
patches (there are more fixes on the branch) to be released in 5.22.2.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
SD adaptation for Waldorf rackAttack V1.04R1:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [SECURITY] perl: CVE-2016-2381
2016-03-07 18:17 ` Achim Gratz
@ 2016-03-08 17:59 ` Achim Gratz
2016-03-08 18:32 ` Yaakov Selkowitz
0 siblings, 1 reply; 4+ messages in thread
From: Achim Gratz @ 2016-03-08 17:59 UTC (permalink / raw)
To: cygwin-apps
Achim Gratz writes:
> Yaakov Selkowitz writes:
>> A security vulnerability has been made public for perl:
>
> I've asked on p5p what the plan is for another 5.22 release. If that's
> too far off, I'll just patch 5.22.1, otherwise I'll wait for these
> patches (there are more fixes on the branch) to be released in 5.22.2.
The answer is that a release will happen "hoepfully before May", so
unless that shifts even further out I'd be inclined to wait for the
release.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [SECURITY] perl: CVE-2016-2381
2016-03-08 17:59 ` Achim Gratz
@ 2016-03-08 18:32 ` Yaakov Selkowitz
0 siblings, 0 replies; 4+ messages in thread
From: Yaakov Selkowitz @ 2016-03-08 18:32 UTC (permalink / raw)
To: cygwin-apps
On 2016-03-08 11:59, Achim Gratz wrote:
> Achim Gratz writes:
>> Yaakov Selkowitz writes:
>>> A security vulnerability has been made public for perl:
>>
>> I've asked on p5p what the plan is for another 5.22 release. If that's
>> too far off, I'll just patch 5.22.1, otherwise I'll wait for these
>> patches (there are more fixes on the branch) to be released in 5.22.2.
>
> The answer is that a release will happen "hoepfully before May", so
> unless that shifts even further out I'd be inclined to wait for the
> release.
That's way too long to leave a public vulnerability unpatched. Please
ship a 5.22.1-2 in the meantime.
--
Yaakov
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-03-08 18:32 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-07 5:34 [SECURITY] perl: CVE-2016-2381 Yaakov Selkowitz
2016-03-07 18:17 ` Achim Gratz
2016-03-08 17:59 ` Achim Gratz
2016-03-08 18:32 ` Yaakov Selkowitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).