https://bugzilla.redhat.com/show_bug.cgi?id=1877444
Bug ID: 1877444
Summary: perl-dbi: DBD::File drivers open files from folders other than specifically passed
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: caillon+fedoraproject@gmail.com, hhorak@redhat.com, john.j5live@gmail.com, jorton@redhat.com, jplesnik@redhat.com, kasal@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-list@redhat.com, ppisar@redhat.com, rhughes@redhat.com, rstrode@redhat.com, sandmann@redhat.com
Target Milestone: ---
Classification: Other
Pedro Sampaio psampaio@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1857388
A flaw was found in perl-dbi before version. DBD::File drivers would open files from folders other than specifically passed using the f_dir attribute.
Upstream patch:
https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7...
--- Comment #1 from Petr Pisar ppisar@redhat.com ---
The fix was released by upstream in DBI-1.632.
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1877964
--- Comment #4 from Todd Cullum tcullum@redhat.com ---
External References:
Advisory: https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-N...
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|perl-dbi: DBD::File drivers |CVE-2014-10401 perl-dbi:
                   |open files from folders     |DBD::File drivers open
                   |other than specifically     |files from folders other
                   |passed                      |than specifically passed
              Alias|                            |CVE-2014-10401
--- Comment #5 from Todd Cullum tcullum@redhat.com ---
Statement:

perl-DBI as shipped in Red Hat Enterprise Linux 8, rhscl-3 rh-perl526-perl-DBI and rhscl-3 rh-perl530-perl-DBI are not affected by this flaw as the vulnerable code has already been patched in versions of perl-DBI shipped in these products.
--- Comment #6 from Todd Cullum tcullum@redhat.com ---
External References:

Advisory: https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-N...
Upstream Bug: https://rt.cpan.org/Public/Bug/Display.html?id=99508
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |CLOSED
        Last Closed|                            |2021-11-02 17:38:46