Hello community,

here is the log from the commit of package perl-DBD-mysql for openSUSE:Factory 
checked in at 2016-10-10 16:23:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-DBD-mysql (Old)
 and      /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "perl-DBD-mysql"

Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-DBD-mysql/perl-DBD-mysql.changes    
2016-09-05 21:22:15.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new/perl-DBD-mysql.changes       
2016-10-10 16:23:48.000000000 +0200
@@ -1,0 +2,13 @@
+Tue Oct  4 05:17:34 UTC 2016 - [email protected]
+
+- updated to 4.037
+   see /usr/share/doc/packages/perl-DBD-mysql/Changes
+
+  2016-10-03 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037)
+  * Security release to patch possible buffer overflow in prepared
+    statements. Reported and fixed by Pali Rohár. This vulnerability
+    is present in all releases at least back to versions 3.0 of the
+    driver, which were released in 2005.
+    The CVE identifier for this vulnerability is CVE-2016-1246.
+
+-------------------------------------------------------------------

Old:
----
  DBD-mysql-4.036.tar.gz

New:
----
  DBD-mysql-4.037.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-DBD-mysql.spec ++++++
--- /var/tmp/diff_new_pack.OY4Ylr/_old  2016-10-10 16:23:51.000000000 +0200
+++ /var/tmp/diff_new_pack.OY4Ylr/_new  2016-10-10 16:23:51.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           perl-DBD-mysql
-Version:        4.036
+Version:        4.037
 Release:        0
 %define cpan_name DBD-mysql
 Summary:        MySQL driver for the Perl5 Database Interface (DBI)

++++++ DBD-mysql-4.036.tar.gz -> DBD-mysql-4.037.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/Changes new/DBD-mysql-4.037/Changes
--- old/DBD-mysql-4.036/Changes 2016-08-23 07:58:39.000000000 +0200
+++ new/DBD-mysql-4.037/Changes 2016-10-03 08:52:35.000000000 +0200
@@ -1,3 +1,10 @@
+2016-10-03 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037)
+* Security release to patch possible buffer overflow in prepared
+  statements. Reported and fixed by Pali Rohár. This vulnerability
+  is present in all releases at least back to versions 3.0 of the
+  driver, which were released in 2005.
+  The CVE identifier for this vulnerability is CVE-2016-1246.
+
 2016-08-23 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.036)
 Stable version, to include all changes since 4.035.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/META.json 
new/DBD-mysql-4.037/META.json
--- old/DBD-mysql-4.036/META.json       2016-08-23 07:58:58.000000000 +0200
+++ new/DBD-mysql-4.037/META.json       2016-10-03 08:53:48.000000000 +0200
@@ -4,7 +4,7 @@
       "Patrick Galbraith <[email protected]>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter 
version 2.150005",
+   "generated_by" : "ExtUtils::MakeMaker version 7.1001, CPAN::Meta::Converter 
version 2.150005",
    "license" : [
       "perl_5"
    ],
@@ -22,7 +22,10 @@
    "prereqs" : {
       "build" : {
          "requires" : {
-            "ExtUtils::MakeMaker" : "0"
+            "ExtUtils::MakeMaker" : "0",
+            "Test::Deep" : "0",
+            "Test::Simple" : "0.90",
+            "Time::HiRes" : "0"
          }
       },
       "configure" : {
@@ -36,13 +39,6 @@
             "DBI" : "1.609",
             "perl" : "5.008001"
          }
-      },
-      "test" : {
-         "requires" : {
-            "Test::Deep" : "0",
-            "Test::Simple" : "0.90",
-            "Time::HiRes" : "0"
-         }
       }
    },
    "release_status" : "stable",
@@ -57,7 +53,7 @@
       "x_IRC" : "irc://irc.perl.org/#dbi",
       "x_MailingList" : "mailto:[email protected]";
    },
-   "version" : "4.036",
+   "version" : "4.037",
    "x_contributors" : [
       "Alexandr Ciornii <[email protected]>",
       "Alexey Molchanov <[email protected]>",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/META.yml new/DBD-mysql-4.037/META.yml
--- old/DBD-mysql-4.036/META.yml        2016-08-23 07:58:58.000000000 +0200
+++ new/DBD-mysql-4.037/META.yml        2016-10-03 08:53:48.000000000 +0200
@@ -11,7 +11,7 @@
   DBI: '1.609'
   Data::Dumper: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 
2.150005'
+generated_by: 'ExtUtils::MakeMaker version 7.1001, CPAN::Meta::Converter 
version 2.150005'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -30,7 +30,7 @@
   homepage: http://dbi.perl.org/
   license: http://dev.perl.org/licenses/
   repository: https://github.com/perl5-dbi/DBD-mysql
-version: '4.036'
+version: '4.037'
 x_contributors:
   - 'Alexandr Ciornii <[email protected]>'
   - 'Alexey Molchanov <[email protected]>'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/dbdimp.c new/DBD-mysql-4.037/dbdimp.c
--- old/DBD-mysql-4.036/dbdimp.c        2016-08-01 08:26:44.000000000 +0200
+++ new/DBD-mysql-4.037/dbdimp.c        2016-10-03 08:52:35.000000000 +0200
@@ -4783,7 +4783,7 @@
   int rc;
   int param_num= SvIV(param);
   int idx= param_num - 1;
-  char err_msg[64];
+  char *err_msg;
   D_imp_xxh(sth);
 
 #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION
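Review bot: `char *err_msg;` is left uninitialised at function scope, while its only visible use is the assignment inside the `looks_like_number` branch of the following hunk. Declaring it inside that block, or writing `char *err_msg = NULL;`, would keep any other path from reading it unset. Since the pointer now refers to the buffer of a mortal SV, it is valid only until temporaries are freed and must not be stored; a comment such as `/* points into a mortal SV; do not keep past this call */` would record that. The function starts before and continues past this hunk, so other uses of `err_msg` cannot be ruled out from here.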
@@ -4826,9 +4826,9 @@
   {
     if (! looks_like_number(value))
     {
-      sprintf(err_msg,
+      err_msg = SvPVX(sv_2mortal(newSVpvf(
               "Binding non-numeric field %d, value %s as a numeric!",
-              param_num, neatsvpv(value,0));
+              param_num, neatsvpv(value,0))));
       do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL);
     }
   }
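Review bot: After `do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL);` the `looks_like_number` branch closes without a `return`, so as far as this hunk shows the bind carries on with a value that was just rejected as non-numeric. If the rest of the function does not bail out, adding `return FALSE;` after the `do_error` call would make the failure explicit; the function's signature and tail are outside the hunk, so the exact return value needs confirming. The switch from a 64-byte stack buffer to `newSVpvf` is sound, because the SV is sized to the formatted text and the length of the `neatsvpv(value,0)` output depends on the bound value. A comment such as `/* message length depends on the bound value; never format into a fixed buffer */` would keep a later cleanup from reintroducing `sprintf` here. No regression test that binds a long non-numeric value to a numeric type is visible in this diff.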
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/lib/Bundle/DBD/mysql.pm 
new/DBD-mysql-4.037/lib/Bundle/DBD/mysql.pm
--- old/DBD-mysql-4.036/lib/Bundle/DBD/mysql.pm 2016-08-23 07:58:39.000000000 
+0200
+++ new/DBD-mysql-4.037/lib/Bundle/DBD/mysql.pm 2016-10-03 08:52:35.000000000 
+0200
@@ -3,7 +3,7 @@
 use strict;
 use warnings;
 
-our $VERSION = '4.036';
+our $VERSION = '4.037';
 
 1;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/DBD-mysql-4.036/lib/DBD/mysql.pm 
new/DBD-mysql-4.037/lib/DBD/mysql.pm
--- old/DBD-mysql-4.036/lib/DBD/mysql.pm        2016-08-23 07:58:39.000000000 
+0200
+++ new/DBD-mysql-4.037/lib/DBD/mysql.pm        2016-10-03 08:52:35.000000000 
+0200
@@ -15,7 +15,7 @@
 # SQL_DRIVER_VER is formatted as dd.dd.dddd
 # for version 5.x please switch to 5.00(_00) version numbering
 # keep $VERSION in Bundle/DBD/mysql.pm in sync
-our $VERSION = '4.036';
+our $VERSION = '4.037';
 
 bootstrap DBD::mysql $VERSION;
 

