Hi Xavier,

On Fri, Sep 11, 2020 at 06:02:00PM +0200, Xavier Guimard wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: debian-p...@lists.debian.org
>
> [ Reason ]
> libdbi-perl is vulnerable to (low) security bug (CVE-2020-14392)
>
> [ Impact ]
> libdbi-perl may crash if an attacker can give a malformed login
>
> [ Tests ]
> No new test, current passed
>
> [ Risks ]
> This patch is very simple
>
> [ Checklist ]
> [X] *all* changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in (old)stable
> [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> Returned values are more tested
> diff --git a/debian/changelog b/debian/changelog > index d2e35cc..d0ad39a 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,10 @@ > +libdbi-perl (1.642-1+deb10u1) buster; urgency=medium > + > + * Fix memory corruption in XS functions when Perl stack is reallocated > + (Closes: CVE-2020-14392) Note that there is as well CVE-2020-14393, could you add the fix for this one as well? Regards, Salvatore
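Review bot: in the debian/changelog hunk, `(Closes: CVE-2020-14392)` puts a CVE id after the `Closes:` keyword, which in a Debian changelog is parsed for BTS bug numbers (`Closes: #NNNNNN`); a CVE id there closes nothing and reads as if a bug report were being closed. Write the id plainly as `(CVE-2020-14392)`, and add a separate `Closes: #<bug number>` (placeholder) only if a Debian bug tracks the issue. The entry text would also be easier to audit if it named the upstream change it backports, since "Fix memory corruption in XS functions when Perl stack is reallocated" is the only description of the fix visible here.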