Bug#973342: buster-pu: package libdbi-perl/1.642-1+deb10u2

To: Xavier Guimard <yadd@debian.org>, 973342@bugs.debian.org
Subject: Bug#973342: buster-pu: package libdbi-perl/1.642-1+deb10u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 22 Nov 2020 18:14:05 +0000
Message-id: <[🔎] afbab45345864bfa011b75ccc6d1bac96b73aab5.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 973342@bugs.debian.org
In-reply-to: <160395379047.1285908.3523946704791748149.reportbug@deb007.xnr.fr>
References: <160395379047.1285908.3523946704791748149.reportbug@deb007.xnr.fr> <160395379047.1285908.3523946704791748149.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Thu, 2020-10-29 at 07:43 +0100, Xavier Guimard wrote:
> libdbi-perl is still vulnerable to CVE-2014-10401: DBD::File drivers
> can open files from folders other than those specifically passed via
> the f_dir attribute.

+  * lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180)

That bug report claims to be related to CVE-2014-1040*2*, which is the
result of an incomplete initial fix for CVE-2014-10401.

That seems worth clarifying, but in any case please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#975448: marked as done (nmu: antimony_0.9.3-2)
Next by Date: Processed: Re: Bug#973342: buster-pu: package libdbi-perl/1.642-1+deb10u2
Previous by thread: Bug#975448: marked as done (nmu: antimony_0.9.3-2)
Next by thread: Processed: Re: Bug#973342: buster-pu: package libdbi-perl/1.642-1+deb10u2
Index(es):
- Date
- Thread