Bug 746437 (CVE-2014-10402)

Summary:	dev-perl/DBI: insufficient parameter validation in DBD::File (CVE-2014-10402)
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	minor	CC:	maracay, perl
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
Whiteboard:	B4 [ebuild]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2020-10-04 03:40:41 UTC

CVE-2014-10402:

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:25:49 UTC

Package list is empty or all packages have requested keywords.

Comment 2 John Helmert III archtester

2021-08-02 17:36:19 UTC

Seems like there was a fix merged (under the wrong CVE?):

https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6

Comment 3 Andreas K. Hüttel archtester

2021-10-23 17:20:52 UTC

Apparently fixed upstream

Comment 4 Andreas K. Hüttel archtester

2021-10-23 17:21:52 UTC

(In reply to Andreas K. Hüttel from comment #3)
> Apparently fixed upstream

Nope, different CVE