| Summary: | <dev-perl/DBD-mysql-4.36.0: use-after-free | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | perl |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/07/25/13 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 600180 | ||
| Bug Blocks: | |||
A fixed version is in tree: https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-perl/DBD-mysql?id=e3e3fa8bf0a23417959541cb54c1b098f4067e26 We will handle the stabilization in the recent sec bug 600180 and do cleanup afterwards. This issue was resolved and addressed in GLSA 201701-51 at https://security.gentoo.org/glsa/201701-51 by GLSA coordinator Aaron Bauman (b-man). This issue was resolved and addressed in GLSA 201701-51 at https://security.gentoo.org/glsa/201701-51 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html DBD::mysql versions 4.033 and earlier have a use after free bug in the my_login() function. DBD::mysql is a Perl module providing bindings to the mysql database. The issue was fixed in version 4.034. This issue was discovered with Address Sanitizer. https://github.com/perl5-dbi/DBD-mysql/pull/45 Pull request / patch @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.