FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

3e08047f-5a6c-11e6-a6c3-14dae9d210b8 | p5-XSLoader -- local arbitrary code execution

Jakub Wilk reports:

XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval


Discovery 2016-06-30
Entry 2016-08-04
Modified 2016-08-22
p5-XSLoader:
  < 0.22

perl5, perl5.18, perl5.20, perl5.22, perl5.24, perl5-devel:
  < 5.18.4_24
  ge 5.20 lt 5.20.3_15
  ge 5.21 lt 5.22.3.r2
  ge 5.23 lt 5.24.1.r2
  ge 5.25 lt 5.25.2.87

perl:
  ge 0

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578
CVE-2016-6185
333f655a-b93a-11e5-9efa-5453ed2e2b49 | p5-PathTools -- File::Spec::canonpath loses taint

Ricardo Signes reports:

Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB.


Discovery 2016-01-11
Entry 2016-01-12
Modified 2016-08-22
p5-PathTools:
  gt 3.4000 lt 3.6200

perl5, perl5.20, perl5.22, perl5-devel:
  ge 5.19.9 lt 5.20.2
  ge 5.21.0 lt 5.22.2
  ge 5.23.0 lt 5.23.7

CVE-2015-8607
https://rt.perl.org/Public/Bug/Display.html?id=126862
d9f99491-1656-11e6-94fa-002590263bf5 | perl5 -- taint mechanism bypass vulnerability

MITRE reports:

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.


Discovery 2016-04-08
Entry 2016-05-10
Modified 2016-08-22
perl5:
  < 5.18.4_21
  ge 5.20.0 lt 5.20.3_12
  ge 5.22.0 lt 5.22.1_8

perl5.18:
  ge 5.18.0 lt 5.18.4_21

perl5.20:
  ge 5.20.0 lt 5.20.3_12

perl5.22:
  ge 5.22.0 lt 5.22.1_8

perl:
  ge 0

CVE-2016-2381
ports/208879
72bfbb09-5a6a-11e6-a6c3-14dae9d210b8 | perl -- local arbitrary code execution

Sawyer X reports:

Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.


Discovery 2016-07-21
Entry 2016-08-04
Modified 2016-08-22
perl5, perl5.18, perl5.20, perl5.22, perl5.24, perl5-devel:
  < 5.18.4_23
  ge 5.20 lt 5.20.3_14
  ge 5.21 lt 5.22.3.r2
  ge 5.23 lt 5.24.1.r2
  ge 5.25 lt 5.25.3.18

perl:
  ge 0

http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
CVE-2016-1238