Ok, thanks, Tim.

On Thu, Sep 17, 2020 at 11:11 Tim Bunce <tim.bu...@pobox.com> wrote:

> I've not seen much (any?) traffic on this list recently.  Is this list
> still alive?
>
>
> The DBI is very, um, stable.
>
> Is there a new release of DBI with the fix in place that I missed?
>
>
> Yes, 1.643. It's not made very clear though.
>
> CVE-2020-14392
> <https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14392.html> 
> says
> "An untrusted pointer dereference flaw was found in Perl-DBI < 1.643" (note
> the "<")
>
> The changes <https://metacpan.org/changes/distribution/DBI> for the 1.643
> release include several fixes from Pali and Petr. (Thanks!)
>
> Tim.
>
> On 16 Sep 2020, at 18:25, Jonathan Leffler <jonathan.leff...@gmail.com>
> wrote:
>
> I've not seen much (any?) traffic on this list recently.  Is this list
> still alive?
>
> This message arrived from Canonical/Ubuntu about a fixed bug in DBI —
> numerous versions thereof (1.640, 1.634, 1.630, 1.616).
>
> Is there a new release of DBI with the fix in place that I missed?
>
>
> ---------- Forwarded message ---------
> From: Leonidas S. Barbosa <leo.barb...@canonical.com>
> Date: Wed, Sep 16, 2020 at 8:15 AM
> Subject: [USN-4503-1] Perl DBI module vulnerability
> To: <ubuntu-security-annou...@lists.ubuntu.com>
>
>
> ==========================================================================
> Ubuntu Security Notice USN-4503-1
> September 16, 2020
>
> libdbi-perl vulnerability
> ==========================================================================
>
> A security issue affects these releases of Ubuntu and its derivatives:
>
> - Ubuntu 18.04 LTS
> - Ubuntu 16.04 LTS
> - Ubuntu 14.04 ESM
> - Ubuntu 12.04 ESM
>
> Summary:
>
> Perl DBI module could be made to execute arbitrary code if it received a
> specially manipulated call.
>
> Software Description:
> - libdbi-perl: Perl Database Interface (DBI)
>
> Details:
>
> It was discovered that Perl DBI module incorrectly handled certain calls.
> An attacker could possibly use this issue to execute arbitrary code.
>
> Update instructions:
>
> The problem can be corrected by updating your system to the following
> package versions:
>
> Ubuntu 18.04 LTS:
>   libdbi-perl                     1.640-1ubuntu0.1
>
> Ubuntu 16.04 LTS:
>   libdbi-perl                     1.634-1ubuntu0.1
>
> Ubuntu 14.04 ESM:
>   libdbi-perl                     1.630-1ubuntu0.1~esm1
>
> Ubuntu 12.04 ESM:
>   libdbi-perl                     1.616-1ubuntu0.1
>
> In general, a standard system update will make all the necessary changes.
>
> References:
>   https://usn.ubuntu.com/4503-1
>   CVE-2020-14392
>
> Package Information:
>   https://launchpad.net/ubuntu/+source/libdbi-perl/1.640-1ubuntu0.1
>   https://launchpad.net/ubuntu/+source/libdbi-perl/1.634-1ubuntu0.1
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-annou...@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
> --
> Jonathan Leffler <jonathan.leff...@gmail.com>  #include <disclaimer.h>
> Guardian of DBD::Informix - v2018.1031 - http://dbi.perl.org
> "Blessed are we who can laugh at ourselves, for we shall never cease to be
> amused."
>
> --
Jonathan Leffler <jonathan.leff...@gmail.com>  #include <disclaimer.h>
Guardian of DBD::Informix - v2018.1031 - http://dbi.perl.org
"Blessed are we who can laugh at ourselves, for we shall never cease to be
amused."
