Thu, 06 Dec 2007
Is Perl Being Maintained?
Another urgent task of the last month was rebuilding Perl and all of its modules for our production systems. The reason was that a security hole had been found in the Perl regular expression engine: CVE-2007-5116.
This hole has shown the sad state of Perl development: there is still not a word about this hole at www.perl.org or CPAN, and new users are being informed that perl-5.8.8 is the latest and greatest.
However, from looking at the spec file from the Fedora Perl package, it seems that in the last year they have even applied some patches labeled as "fixes from the upstream". So there is some development in the 5.8 branch, but it is apparently not public enough, and the Perl developers do not even acknowledge serious security problems on their web site.