Yenya's World

Thu, 06 Dec 2007

Is Perl Being Maintained?

Another of the urgent works of the last month was rebuilding Perl and all of its modules for our production systems. The reason of it was that a security hole had been found in the Perl regular expression engine: CVE-2007-5116.

This hole has shown the sad state of Perl development: there is still not a word about this hole at nor CPAN, and new users are being informed that perl-5.8.8 is the latest and greatest.

However, from looking at the spec file from the Fedora Perl package, it seems that in the last year they have applied even some patches labeled as "fixes from the upstream". So there is some development in the 5.8 branch, but it is apparently not public enough, and the Perl developers do not even acknowledge serious security problems in their web site.

Section: /computers (RSS feed) | Permanent link | 0 writebacks


Yenya's World: Linux and beyond - Yenya's blog.


RSS feed

Jan "Yenya" Kasprzak

The main page of this blog



Blog roll:

alphabetically :-)