![]() ![]() CVE-2014-4330: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.CVE-2013-1667: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.CVE-2012-5195: Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.Maybe also clarify that there are quite a few nasty things that have since been fixed. You don't want to be the one who gets the blame if the fit hits the shan, so to speak: Just in case, send them the link to the CVE database for Perl in writing. What do we have to do to keep this old version running?", when really, the question should be (in my opinion): "What do we have to do to make sure we have the latest security updates". They are asking "Upgrading Perl *may* result in some additional work, so keeping the old version is the best option we have. I think your company IT is facing a classic XY problem. ![]() So your company IT prefers to use a Perl version with known security problems (including remote code execution and stuff) because they don't want to risk that someone possibly, maybe, on the-off-chance of the moonphase being wrong, having to go in and fix a couple of bugs in old scripts? The company only allows active Perl 5.12.00 Sounds like that won't interfere with your usage, but it's best if you get the latest version (0.1713), anyway. There's an Issue with Win32-0LE-0.1712 (and earlier) wrt 64-bit MS Outlook. So, before I download that, I'd like to know IF this Win32::OLE utility still will work for a 64 bit/Perl 5.12.00? But still, assuming you have a 64bit 5.12.0 successfully working, with a full build environment, I think it likely that Win32::OLE is going to work for you. It appears 5.12.3 was the first that Strawberry shipped with 64bit. Even the most recent 0.1713 works on Perl v5.12.2, so my guess is that 5.12.0 should also install it fine (and that it's just no one is bothering to smoke-test on 5.12.0 when 5.12.2/3 both exist).Įdit: sorry, I didn't see that Strawberry 5.12.0 only shipped as 32bit. The cpantesters Win32-OLE Matrix shows the last version of the module that has submitted a passing test with each version of Perl. ![]() Well, Strawberry Perl 5.12.0 ships with Win32::OLE v0.1709 by default, so it obviously works with that version of Perl. Re: can i still use Win32::OLE with active Perl 64 bit? I asked a similar question ( What Windows 64 bit traps are out there?) when I was upgrading & the answers I got are still helpful. Re: Can I still use Win32::OLE with active Perl 64 bit? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |