I've now put a fix in the book for two recent perl vulnerabilities (one was sometime last year, I hadn't been aware of it - it was only when I searched to see what Ag had referred to on blfs-dev that I came across it plus the more recent one). If the security list was still in use, I'd post there advising everyone to upgrade. As I noted in the patch, perl 5.10 has its own (unrelated) first recorded vulnerability so it doesn't make a lot of sense to upgrade to that.
Of course, this doesn't mean the book is free of known vulnerabilities - there have been a number of kernel issues recently. To be honest, I don't know where the book is supposed to be going after the discussions a couple of months ago (package management, dynamically generated book, whatever) and I don't have the time to try building with newer kernels at the moment. Anyone who is _really_ concerned can either upgrade the installed kernel to stable's latest (2.6.25.10 at the moment) or, if you are building afresh you can use 2.6.24.7 for the headers and if you really want to stay with the 2.6.24-series there is a patch at cross-lefs.org for backported fixes (For clfs, backporting makes sense as we try to get a release under way, for LFS between releases it doesn't sound like an obvious thing to do). ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
