[scl.org] SCL : perl 5.30 and recent CVE like CVE-2020-10878

Jitka Plesnikova - Gmail jplesnik at redhat.com
Mon Jun 21 14:01:29 UTC 2021

> I'm testing perls in SCL for rhel7 and centos7... and it seems that
> the last packaged verison of perl is 5.30.1
> Alas some CVE touching this version of perl were raised in 2020
> leading to perl 5.30.2 and perl 5.30.3 peing released, soi wonder
> about the status of these CVE in SCL packaged perls
> Redhat appears to have fixed the 5.16 defautl version in Rhel 7 and
> also in Rhel 8 including modules... but what about SCL on rhel 7 or
> Centos 7 ?

you are correct, the latest version of Perl is 5.30.1 in SCL. We don't
plan to update Perl in SCL.
If you want Red Hat to fix the CVEs or update Perl in SCL, you have to
file an official support request
at https://access.redhat.com/support/.


> -- 
> /I'm checking my mails a few times per week and not on a real time
> basis. Thanks for your understanding./
> /Je traite mes mails par moments dans la semaine et non au fil de
> l'eau. Merci de votre compréhension/
> _______________________________________________
> SCLorg mailing list
> SCLorg at redhat.com
> https://listman.redhat.com/mailman/listinfo/sclorg

Jitka Plesnikova
Software Engineer
Red Hat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20210621/1d0b720b/attachment.htm>

More information about the SCLorg mailing list