Dear Perl community,

I’m pleased to announce the release of DBD::mysql 4.039. This release contains a fix for a vulnerability that was found and is now fixed per CVE-2016-1249. A description from the advisory reads:

A vulnerability was discovered that can lead to an out-of-bounds read when using server side prepared statements with an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

Versions known to be affected: 2.9004 and later (2005 and later)
Versions known to be not affected: 2.9003 and earlier (before 2005)
Version containing Fix: 4.039 and later (current)

Thanks to Pali Rohár for discovering and fixing this vulnerability!

The mirrors on CPAN should now be up to date and the release can be found at http://search.cpan.org/~capttofu/DBD-mysql-4.039/lib/DBD/mysql.pm

The source code is available at https://github.com/perl5-dbi/DBD-mysql

Regards,
Patrick and Michiel
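
A check for the exposure the advisory describes, as an added example that is not part of the original announcement or of the DBD::mysql project: it compares the installed DBD::mysql version against the affected range quoted above and flags DSNs that turn on server-side prepared statements. The DSN strings are constructed samples, and looking only for `mysql_server_prepare=1` in the DSN is an assumption about how an application enables the feature; connections that set the attribute in code are not seen by this scan.

```perl
#!/usr/bin/env perl
# Added example (not project code): audit for CVE-2016-1249 exposure.
use strict;
use warnings;

# Bounds taken from the advisory text: affected from 2.9004, fixed in 4.039.
my ($FIRST_AFFECTED, $FIRST_FIXED) = (2.9004, 4.039);

# Returns 1 if affected, 0 if not, undef if the version string is unparsable.
sub is_affected {
    my ($version) = @_;
    return undef unless defined $version;
    (my $n = $version) =~ tr/_//d;    # developer releases carry an underscore
    return undef unless $n =~ /\A\d+(?:\.\d+)?\z/;
    return ($n >= $FIRST_AFFECTED && $n < $FIRST_FIXED) ? 1 : 0;
}

# True when a DSN enables server-side prepared statements, the code path
# the advisory names as the precondition for the out-of-bounds read.
sub uses_server_prepare {
    my ($dsn) = @_;
    return $dsn =~ /\bmysql_server_prepare\s*=\s*1\b/i ? 1 : 0;
}

# Installed driver version, or undef when DBD::mysql is not present.
my $installed = eval { require DBD::mysql; DBD::mysql->VERSION };

# Constructed sample DSNs; replace with the ones from your own configuration.
my @dsns = (
    'DBI:mysql:database=app;host=db1;mysql_server_prepare=1',
    'DBI:mysql:database=reports;host=db2',
);

if (!defined $installed) {
    print "DBD::mysql is not installed on this host\n";
}
else {
    my $affected = is_affected($installed);
    my $state = !defined $affected ? 'unknown version format, review manually'
              : $affected          ? 'AFFECTED, upgrade to 4.039 or later'
              :                      'not in the affected range';
    print "DBD::mysql $installed: $state\n";
    for my $dsn (@dsns) {
        my $flag = uses_server_prepare($dsn) ? 'server-side prepare ON'
                                             : 'server-side prepare not set';
        print "  $dsn => $flag\n";
    }
}
```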