UbuntuUpdates.org

Package "libdbi-perl"

Name: libdbi-perl

Description:

Perl Database Interface (DBI)

Latest version: 1.640-1ubuntu0.3
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://dbi.perl.org/

Links


Download "libdbi-perl"


Other versions of "libdbi-perl" in Bionic

Repository Area Version
base main 1.640-1
security main 1.640-1ubuntu0.3

Changelog

Version: 1.640-1ubuntu0.3 2021-08-04 13:06:18 UTC

  libdbi-perl (1.640-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: wrong folder used when opening files
    - debian/patches/CVE-2014-10402.patch: correctly parse DSN in
      lib/DBD/File.pm.
    - CVE-2014-10402
  * SECURITY UPDATE: out-of-bounds write via buffer overflow
    - debian/patches/CVE-2020-14393.patch: properly handle long strings in
      DBI.xs, t/02dbidrv.t.
    - CVE-2020-14393

 -- Marc Deslauriers <email address hidden> Fri, 30 Jul 2021 07:25:50 -0400

Source diff to previous version
CVE-2014-10402 An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed
CVE-2020-14393 A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an

Version: 1.640-1ubuntu0.2 2020-09-23 16:06:54 UTC

  libdbi-perl (1.640-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2019-20919.patch: adds a check for NULL
      for PL_dirty and profile in DBI.xs.
    - CVE-2019-20919

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 18 Sep 2020 12:57:13 -0300

Source diff to previous version
CVE-2019-20919 An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But,

Version: 1.640-1ubuntu0.1 2020-09-16 15:06:17 UTC

  libdbi-perl (1.640-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2020-14392.patch: changes fix memory
      corruption in XS functions when Perl stack is reallocated in
      DBI.xs, Driver.xst.
    - CVE-2020-14392

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 14 Sep 2020 12:53:35 -0300




About   -   Send Feedback to @ubuntu_updates