From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 83959 invoked by alias); 8 Mar 2016 18:32:13 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 83943 invoked by uid 89); 8 Mar 2016 18:32:12 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=H*M:cygwin, meantime, H*Ad:U*yselkowitz X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Tue, 08 Mar 2016 18:32:11 +0000 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (Postfix) with ESMTPS id 78874C00DE06 for ; Tue, 8 Mar 2016 18:32:10 +0000 (UTC) Received: from [10.10.116.35] (ovpn-116-35.rdu2.redhat.com [10.10.116.35]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u28IW8nv027574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 8 Mar 2016 13:32:10 -0500 Subject: Re: [SECURITY] perl: CVE-2016-2381 To: cygwin-apps@cygwin.com References: <56DD12D6.2060308@cygwin.com> <87si029mqm.fsf@Rainer.invalid> <87io0w4zrh.fsf@Rainer.invalid> From: Yaakov Selkowitz Message-ID: <56DF1A99.8000109@cygwin.com> Date: Tue, 08 Mar 2016 18:32:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <87io0w4zrh.fsf@Rainer.invalid> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2016-03/txt/msg00017.txt.bz2 On 2016-03-08 11:59, Achim Gratz wrote: > Achim Gratz writes: >> Yaakov Selkowitz writes: >>> A security vulnerability has been made public for perl: >> >> I've asked on p5p what the plan is for another 5.22 release. If that's >> too far off, I'll just patch 5.22.1, otherwise I'll wait for these >> patches (there are more fixes on the branch) to be released in 5.22.2. > > The answer is that a release will happen "hoepfully before May", so > unless that shifts even further out I'd be inclined to wait for the > release. That's way too long to leave a public vulnerability unpatched. Please ship a 5.22.1-2 in the meantime. -- Yaakov