208879 – lang/perl5* - CVE-2016-2381

Bug 208879 - lang/perl5* - CVE-2016-2381

Summary: lang/perl5* - CVE-2016-2381

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ports Security Team

URL:
Keywords:

Duplicates (1):	208880 (view as bug list)
Depends on:
Blocks:

Reported:	2016-04-18 01:13 UTC by Sevan Janiyan
Modified:	2016-05-10 03:12 UTC (History)
CC List:	4 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (perl) junovitch: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2016-04-18 01:13:03 UTC

Missing patch & vuxml entry
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2381

Comment 1 Mathieu Arnold freebsd_committer

2016-04-18 09:49:47 UTC

*** Bug 208880 has been marked as a duplicate of this bug. ***

Comment 2 commit-hook freebsd_committer

2016-04-18 11:21:09 UTC

A commit references this bug:

Author: mat
Date: Mon Apr 18 11:20:10 UTC 2016
New revision: 413567
URL: https://svnweb.freebsd.org/changeset/ports/413567

Log:
  Fix a Perl security issue.

  PR:		208879
  Reported by:	Sevan Janiyan
  Security:	CVE-2016-2381
  Sponsored by:	Absolight

Changes:
  head/lang/perl5.18/Makefile
  head/lang/perl5.18/files/patch-7098eff
  head/lang/perl5.20/Makefile
  head/lang/perl5.20/files/patch-7098eff
  head/lang/perl5.22/Makefile
  head/lang/perl5.22/files/patch-58eaa11

Comment 3 Mathieu Arnold freebsd_committer

2016-04-18 11:27:05 UTC

over to the vuxml guys.

Comment 4 Piotr Kubaj freebsd_committer

2016-05-04 07:36:31 UTC

I think this should be MFH'd to 2016Q2.

Comment 5 commit-hook freebsd_committer

2016-05-10 03:00:33 UTC

A commit references this bug:

Author: junovitch
Date: Tue May 10 03:00:14 UTC 2016
New revision: 414913
URL: https://svnweb.freebsd.org/changeset/ports/414913

Log:
  Document Perl taint protection bypass vulnerability

  PR:		208879
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2016-2381
  Security:	https://vuxml.FreeBSD.org/freebsd/d9f99491-1656-11e6-94fa-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 6 commit-hook freebsd_committer

2016-05-10 03:10:37 UTC

A commit references this bug:

Author: junovitch
Date: Tue May 10 03:10:11 UTC 2016
New revision: 414914
URL: https://svnweb.freebsd.org/changeset/ports/414914

Log:
  MFH r412502 r412503 r413010 r413019 r413036 r413249 r413567:

  Apply batch of Perl updates up to security issue fix.

  Fix a Perl security issue.

  PR:		208879
  Reported by:	Sevan Janiyan
  Security:	CVE-2016-2381
  Sponsored by:	Absolight

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/lang/perl5-devel/Makefile
  branches/2016Q2/lang/perl5-devel/distinfo
  branches/2016Q2/lang/perl5-devel/files/patch-perl.c
  branches/2016Q2/lang/perl5-devel/files/patch-t_porting_customized.dat
  branches/2016Q2/lang/perl5-devel/pkg-plist
  branches/2016Q2/lang/perl5-devel/version.mk
  branches/2016Q2/lang/perl5.18/Makefile
  branches/2016Q2/lang/perl5.18/files/patch-7098eff
  branches/2016Q2/lang/perl5.18/pkg-plist
  branches/2016Q2/lang/perl5.20/Makefile
  branches/2016Q2/lang/perl5.20/files/patch-7098eff
  branches/2016Q2/lang/perl5.20/pkg-plist
  branches/2016Q2/lang/perl5.22/Makefile
  branches/2016Q2/lang/perl5.22/files/patch-58eaa11
  branches/2016Q2/lang/perl5.22/pkg-plist

Comment 7 Jason Unovitch freebsd_committer

2016-05-10 03:12:25 UTC

Set closed after VuXML and MFH.