Your message dated Wed, 28 Oct 2020 09:34:59 +0000
with message-id <[email protected]>
and subject line Bug#972180: fixed in libdbi-perl 1.643-3
has caused the Debian Bug report #972180,
regarding libdbi-perl: CVE-2014-10402
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libdbi-perl
Version: 1.643-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libdbi-perl; this is
mainly to have a tracking bug in Debian as well. There has at this point
not been a fix upstream; there is a proposed fix in [2].
CVE-2014-10402[0]:
| An issue was discovered in the DBI module through 1.643 for Perl.
| DBD::File drivers can open files from folders other than those
| specifically passed via the f_dir attribute in the data source name
| (DSN). NOTE: this issue exists because of an incomplete fix for
| CVE-2014-10401.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-10402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10402
[1] https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
[2] https://github.com/perl5-dbi/dbi/pull/93
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libdbi-perl
Source-Version: 1.643-3
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libdbi-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libdbi-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 28 Oct 2020 10:24:04 +0100
Source: libdbi-perl
Architecture: source
Version: 1.643-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 972180
Changes:
libdbi-perl (1.643-3) unstable; urgency=medium
.
* Team upload.
.
[ gregor herrmann ]
* Update 'DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow' to '=+all'.
* Update lintian overrides for renamed tags.
.
[ Salvatore Bonaccorso ]
* t/51dbm_file.t: add test from RT#99508
* lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---