https://bugzilla.redhat.com/show_bug.cgi?id=1879741
Bug ID: 1879741 Summary: CVE-2014-10402 perl-dbi: Incomplete fix for CVE-2014-10401 Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: psampaio@redhat.com CC: caillon+fedoraproject@gmail.com, hhorak@redhat.com, john.j5live@gmail.com, jorton@redhat.com, jplesnik@redhat.com, kasal@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-list@redhat.com, ppisar@redhat.com, rhughes@redhat.com, rstrode@redhat.com, sandmann@redhat.com Target Milestone: --- Classification: Other
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Upstream bug:
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
https://bugzilla.redhat.com/show_bug.cgi?id=1879741
Pedro Sampaio psampaio@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1857388
https://bugzilla.redhat.com/show_bug.cgi?id=1879741
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|perl-DBI 1.632 |
https://bugzilla.redhat.com/show_bug.cgi?id=1879741
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1884324, 1884325, 1884326
https://bugzilla.redhat.com/show_bug.cgi?id=1879741
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |CLOSED Last Closed| |2021-11-02 17:47:37
perl-devel@lists.fedoraproject.org