ActiveState is pleased to announce ActivePerl 5.10.1 build 1006,
a complete, ready-to-install Perl distribution for Windows, Mac OS X,
Linux, Solaris, and AIX.

For detailed information or to download these releases, see:

New in ActivePerl 5.10.1 Build 1006

* Significant changes that have occurred in the Perl 5.10.1 release,
  including some incompatible changes to the select statement and the
  smart matching operator, are documented in the perl5101delta manpage.

* The following security vulnerabilities have been addressed:

  - CVE-2009-1391

    Off-by-one error in the inflate function in Zlib.xs in
    Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
    SpamAssassin, and possibly other products, allows context-dependent
    attackers to cause a denial of service (hang or crash) via a crafted
    zlib compressed stream that triggers a heap-based buffer overflow.

    This CVE was already addressed in ActivePerl build 1005 but was not
    mentioned in the change log.

  - CVE-2009-1884

    Off-by-one error in the bzinflate function in Bzip2.xs in the
    Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent
    attackers to cause a denial of service (application hang or crash) via a
    crafted bzip2 compressed stream that triggers a buffer overflow, a
    related issue to CVE-2009-1391.

* PPM now always scans all the .packlist files that are newer than the
  corresponding PPM database for that install area. This means that
  modules installed manually, or via the CPAN shell will immediately be
  listed by `ppm query` and can be uninstalled with `ppm remove`.

* On 32-bit Windows the CPAN shell will automatically download and
  install the MinGW GCC compiler and the dmake utility if it cannot find
  a C compiler and make utility on the PATH. In other situations (e.g.
  when you run `perl Makefile.PL` from the commandline) ActivePerl will
  only display a warning and information how to manually install the
  MinGW compiler.

* All modules shipped as part of core Perl will now be included in the
  PPM database. That allows `ppm upgrade` to automatically detect if
  updates for any of the core modules are available from a PPM

* Almost all bundled modules have been updated to their latest released
  version from CPAN. Use the `ppm query` command to check the exact
  version included in this release.

  - This release contains DBI version 1.607 and SQL-Statement version
    1.15. This combination is the most recent one that does not break
    operation of the DBD-CSV module. The latest versions at the time of
    the ActivePerl release are DBI 1.609 and SQL-Statement
    1.20 which showed several regressions when used with DBD::CSV in
    ActiveState's testing.

  - The JSON-XS module has been removed from the ActivePerl distribution.
    Please install it using `ppm install JSON-XS` if you need it.

Getting Started

Whether you're a first-time user or a long-time fan, our free resources
will help you get the most from ActivePerl.

Mailing list archives:


Everyone is encouraged to participate in making Perl an even better

For bugs related to ActiveState use:

For bugs related directly to Perl please use the 'perlbug' utility.


Reply via email to