From ${URL} : https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html DBD::mysql versions 4.033 and earlier have a use after free bug in the my_login() function. DBD::mysql is a Perl module providing bindings to the mysql database. The issue was fixed in version 4.034. This issue was discovered with Address Sanitizer. https://github.com/perl5-dbi/DBD-mysql/pull/45 Pull request / patch @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
A fixed version is in tree: https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-perl/DBD-mysql?id=e3e3fa8bf0a23417959541cb54c1b098f4067e26 We will handle the stabilization in the recent sec bug 600180 and do cleanup afterwards.
This issue was resolved and addressed in GLSA 201701-51 at https://security.gentoo.org/glsa/201701-51 by GLSA coordinator Aaron Bauman (b-man).