Summary: | <dev-perl/DBD-mysql-4.41.0: Use after free in DBD::mysql when using prepared statements | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kentnl, perl |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2016/q4/536 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =dev-perl/DBD-mysql-4.41.0 |
Runtime testing required: | No |
Bug Depends on: | |||
Bug Blocks: | 600180 |
Description
Thomas Deutschmann (RETIRED)
2016-11-28 23:31:16 UTC
commit 4d53b8b72459e05d47ece6069dbcec61447d3178
Author: Kent Fredric <kentnl@gentoo.org>
Date: Mon Dec 5 04:41:59 2016 +1300

dev-perl/DBD-mysql: Bump to version 4.41.0 re bug #601144

Upstream:
- Fixed use-after-free with repeated fetchrow_arrayref under mysql_server_prepare=1 (CVE-2016-1251)
- auto_reconnect now properly reconnects when receiving CR_SERVER_LOST instead of only CR_SERVER_GONE

@ Arches, please test and mark stable:
=dev-perl/DBD-mysql-4.41.0

Stable on alpha.

amd64 stable

x86 stable

arm stable

sparc stable

ia64 stable

ppc stable

ppc64 stable

Stable for HPPA.

GLSA request filed.

This issue was resolved and addressed in GLSA 201701-51 at https://security.gentoo.org/glsa/201701-51 by GLSA coordinator Aaron Bauman (b-man).

@maintainer(s), please clean the vulnerable versions.

Cleaned:

commit 19eeb140a84c8bb903b808bf7ea344a3c633857a
Author: Kent Fredric <kentnl@gentoo.org>
AuthorDate: Mon Jan 23 21:09:43 2017 +1300
Commit: Kent Fredric <kentnl@gentoo.org>
CommitDate: Tue Jan 24 14:50:42 2017 +1300

dev-perl/DBD-mysql: Security cleanup re bug #601144

Tree is clean