This is an automated email from the git hooks/post-receive script. gregoa pushed a commit to branch wheezy-security in repository libdbd-mysql-perl.
commit d8dd6d739fad4706528b798ef9438e8a07d03c1b Author: Markus Koschany <a...@debian.org> Date: Sat Jul 30 12:00:29 2016 +0200 Import Debian patch 4.021-1+deb7u1 --- debian/changelog | 9 +++++++ debian/patches/CVE-2014-9906.patch | 55 ++++++++++++++++++++++++++++++++++++++ debian/patches/CVE-2015-8949.patch | 42 +++++++++++++++++++++++++++++ debian/patches/series | 2 ++ 4 files changed, 108 insertions(+) diff --git a/debian/changelog b/debian/changelog index b718fea..aa1b698 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +libdbd-mysql-perl (4.021-1+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Fix two use after free vulnerabilities. + * CVE-2014-9906: use-after-free in mysql_dr_error. + * CVE-2015-8949: Use after free in my_login() function of DBD::mysql. + + -- Markus Koschany <a...@debian.org> Sat, 30 Jul 2016 12:00:29 +0200 + libdbd-mysql-perl (4.021-1) unstable; urgency=low * New upstream release. diff --git a/debian/patches/CVE-2014-9906.patch b/debian/patches/CVE-2014-9906.patch new file mode 100644 index 0000000..f15893e --- /dev/null +++ b/debian/patches/CVE-2014-9906.patch @@ -0,0 +1,55 @@ +From: Markus Koschany <a...@debian.org> +Date: Sat, 30 Jul 2016 11:49:08 +0200 +Subject: CVE-2014-9906 + +Upstream-Bug: https://github.com/perl5-dbi/DBD-mysql/pull/27 + +Origin: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc +--- + dbdimp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index 316a4c4..a572eb8 100755 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -1951,6 +1951,8 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh) + char* user; + char* password; + char* mysql_socket; ++ int result; ++ int fresh = 0; + D_imp_xxh(dbh); + + /* TODO- resolve this so that it is set only if DBI is 1.607 */ +@@ -1999,10 +2001,19 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh) + port ? port : "NULL"); + + if (!imp_dbh->pmysql) { ++ fresh = 1; + Newz(908, imp_dbh->pmysql, 1, MYSQL); + } +- return mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, ++ result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, + password, dbname, imp_dbh) ? TRUE : FALSE; ++ ++ if (fresh && !result) { ++ do_error(dbh, mysql_errno(imp_dbh->pmysql), ++ mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); ++ Safefree(imp_dbh->pmysql); ++ imp_dbh->pmysql = NULL; ++ } ++ return result; + } + + +@@ -2054,7 +2065,8 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user, + + if (!my_login(aTHX_ dbh, imp_dbh)) + { +- do_error(dbh, mysql_errno(imp_dbh->pmysql), ++ if(imp_dbh->pmysql) ++ do_error(dbh, mysql_errno(imp_dbh->pmysql), + mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); + return FALSE; + } diff --git a/debian/patches/CVE-2015-8949.patch b/debian/patches/CVE-2015-8949.patch new file mode 100644 index 0000000..3c60dca --- /dev/null +++ b/debian/patches/CVE-2015-8949.patch @@ -0,0 +1,42 @@ +From: Markus Koschany <a...@debian.org> +Date: Sat, 30 Jul 2016 11:52:34 +0200 +Subject: CVE-2015-8949 + +Upstream-Bug: https://github.com/perl5-dbi/DBD-mysql/pull/45 + +Origin: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156 +--- + dbdimp.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index a572eb8..8d7f1c9 100755 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -2007,12 +2007,6 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh) + result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, + password, dbname, imp_dbh) ? TRUE : FALSE; + +- if (fresh && !result) { +- do_error(dbh, mysql_errno(imp_dbh->pmysql), +- mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); +- Safefree(imp_dbh->pmysql); +- imp_dbh->pmysql = NULL; +- } + return result; + } + +@@ -2065,9 +2059,12 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user, + + if (!my_login(aTHX_ dbh, imp_dbh)) + { +- if(imp_dbh->pmysql) ++ if(imp_dbh->pmysql) { + do_error(dbh, mysql_errno(imp_dbh->pmysql), + mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); ++ Safefree(imp_dbh->pmysql); ++ ++ } + return FALSE; + } + diff --git a/debian/patches/series b/debian/patches/series index fc4134b..6db8ec5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,4 @@ fix_pod_for_manpage fix_spelling +CVE-2014-9906.patch +CVE-2015-8949.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbd-mysql-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits