It was reported that a possible buffer overrun flaw exists in unixODBC's
SQLDriverConnect() function. A large value for the SAVEFILE parameter in the
connection string could trigger this, resulting in a crash. SecurityFocus
claims this may also lead to the execution of arbitrary code as the user
running the application using unixODBC. This has been corrected upstream.
We have no maintainer for this package at this time.
Created attachment 268231
Created attachment 268233
I stepped up to maintain this, since it was maintainer-needed.
I just committed the new ebuild and patch.
Arches, please test and mark stable:
Target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86 stable. Thanks
Stable on alpha.
Thanks, everyone. GLSA request filed.
This issue was resolved and addressed in
GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).