[Bug 1399580] New: CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Bug ID: 1399580
Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when
using prepared statements
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com
A use after free vulnerability when using prepared statements was found in
DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate the output buffer
for the mysql_stmt_fetch() call, but it does not update the pointer to that buffer in
the imp_sth->stmt structure initialized by the mysql_stmt_bind_result() function, which
leads to a use after free in any mysql function which accesses the imp_sth->stmt
structure.
This vulnerability is present in all releases at least back to versions 3.0 of
the driver, which were released in 2005.
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d0...
References:
http://seclists.org/oss-sec/2016/q4/536
--
You are receiving this mail because:
You are on the CC list for the bug.
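
The stale-binding pattern described in the CVE-2016-1251 report above, as an added example that is not part of the original message and is not DBD::mysql or libmysqlclient code. It is a simplified C model: every name in it (col_buf, stmt, bind_result, grow, fetch_with_growth) is a hypothetical stand-in, and re-binding after the buffer moves is shown as one way to keep the recorded pointer current.

```c
/* Added illustration: a simplified model, not DBD::mysql or libmysqlclient code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct col_buf { char *data; size_t len; };  /* driver-owned output buffer */
struct stmt { uintptr_t bound_addr; size_t bound_len; }; /* address the library writes to */

/* Stand-in for the bind step: the statement records where the buffer lives. */
static void bind_result(struct stmt *s, const struct col_buf *b) {
    s->bound_addr = (uintptr_t)b->data;
    s->bound_len = b->len;
}

/* Stand-in for a reallocation that moves the block: the old address is freed. */
static int grow(struct col_buf *b, size_t need) {
    char *n = malloc(need);
    if (n == NULL) return -1;
    memcpy(n, b->data, b->len);
    free(b->data);
    b->data = n;
    b->len = need;
    return 0;
}

/* True only if the statement still points at the live buffer. */
static int binding_is_current(const struct stmt *s, const struct col_buf *b) {
    return s->bound_addr == (uintptr_t)b->data && s->bound_len == b->len;
}

/* rebind = 0: stale pattern from the report; rebind = 1: binding refreshed. */
static int fetch_with_growth(int rebind) {
    struct col_buf b = { calloc(1, 8), 8 };
    struct stmt s;
    if (b.data == NULL) return -1;
    bind_result(&s, &b);
    if (grow(&b, 64) != 0) { free(b.data); return -1; }
    if (rebind) bind_result(&s, &b);
    int ok = binding_is_current(&s, &b); /* 0: a later write would hit freed memory */
    free(b.data);
    return ok;
}

int main(void) {
    printf("without rebind: current=%d\n", fetch_with_growth(0));
    printf("with rebind:    current=%d\n", fetch_with_growth(1));
    return 0;
}
```

The model only compares recorded addresses and never dereferences the freed block, so it runs cleanly under AddressSanitizer while still showing where the stale pointer comes from.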
[Bug 1371942] New: use base broken by update to perl 5.22.2
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1371942
Bug ID: 1371942
Summary: use base broken by update to perl 5.22.2
Product: Fedora
Version: 23
Component: perl
Severity: medium
Assignee: jplesnik(a)redhat.com
Reporter: steve.bz(a)yewtc.demon.co.uk
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
External Bug ID: Debian BTS 833030
Description of problem:
...
use base qw{My::Module}
...
causes:
Base class package 'My::Module' is empty
Version-Release number of selected component (if applicable):
5.22.2
How reproducible:
Every time
Steps to Reproduce:
1. Add "use base module_name" to source file
2. compile
3.
Actual results:
as above
Expected results:
it compiles ok (it did before security update).
Additional info:
This is essentially the same as Debian bug report 833030, but there the version of
perl is 5.14.
I guess the same comments apply, I'm really only submitting this as a bug here
because others might be looking.
I used the work around of adding "use My::Module".
[Bug 1230606] New: Upgrade perl-HTTP-OAI to 4.03
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1230606
Bug ID: 1230606
Summary: Upgrade perl-HTTP-OAI to 4.03
Product: Fedora
Version: rawhide
Component: perl-HTTP-OAI
Keywords: FutureFeature
Assignee: vanoudt(a)gmail.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org, vanoudt(a)gmail.com
Latest Fedora delivers perl-HTTP-OAI 3.27. Upstream released 4.03. Please
upgrade.
Also please enable monitoring service to receive reports about new releases.