Perl V5.8-6 for OpenVMS

    Update 02

    Release Notes

    April, 2008


    Problems Corrected
    ------------------
    This update contains software fixes for the security vulnerabilities
    detailed below as well as software fixes for general problems.

    1. When a subprocess is created from Perl using the 'system()'
       function, a keyboard interrupt (^Y) does not exit smoothly.
       It takes three ^Y strokes to make the script exit.  This is
       particularly bad on the Itanium architecture because of a
       difference in DCL where the only valid command at the next
       prompt is "STOP".  All other DCL commands will cause Perl to
       remain active.

       The fix included will change the behavior to exit after the
       first ^Y and cause the image to rundown properly.

    2. When PERL5LIB and PERLLIB logicals are defined as multiple user
       defined logicals, which in turn points to more than one directories
       then perl is handling only the first directory in the logical.

       The fix included will change the behavior of PERL5LIB and PERLLIB
       logical translations.

    3. CVE-2007-5116:Buffer overflow in the polymorphic opcode support 
       in the Regular Expression Engine. 

       For additional information, see:
       
       http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

    4. CVE-2005-3962:Integer overflow in the format string functionality
      (Perl_sv_vcatpvfn).

      For additional information, see:
      
      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

   
    Installation Instructions
    -------------------------

    $ PRODUCT INSTALL PERL586_UPDATE

    ----------------------------------

    Complete documentation for Perl, including the Installation
    Guide, and Release Notes, is available in HTML and Text
    format from:

 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_perl_relnotes.html