This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch jessie
in repository libdbd-mysql-perl.

commit cab04acf04922b02afbfb8df611aac4edbb1c8e6
Author: Florian Weimer <f...@deneb.enyo.de>
Date:   Mon Oct 3 18:02:45 2016 +0200

    Import Debian patch 4.028-2+deb8u2
---
 debian/changelog                   |  6 ++++++
 debian/patches/CVE-2016-1246.patch | 36 ++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 43 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 38127bd..2ffc66a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libdbd-mysql-perl (4.028-2+deb8u2) jessie-security; urgency=high
+
+  * CVE-2016-1246: Buffer overflow in bind variable error reporting.
+
+ -- Florian Weimer <f...@deneb.enyo.de>  Mon, 03 Oct 2016 18:02:45 +0200
+
 libdbd-mysql-perl (4.028-2+deb8u1) jessie-security; urgency=high
 
   * Team upload.
diff --git a/debian/patches/CVE-2016-1246.patch 
b/debian/patches/CVE-2016-1246.patch
new file mode 100644
index 0000000..6f76a14
--- /dev/null
+++ b/debian/patches/CVE-2016-1246.patch
@@ -0,0 +1,36 @@
+From 3c4342d182f8e7b1ea9a8d907de65ec6338b4d53 Mon Sep 17 00:00:00 2001
+From: Pali <p...@cpan.org>
+Date: Sat, 24 Sep 2016 14:47:59 +0200
+Subject: [PATCH] Do not use unsafe sprintf w/variable length input
+
+This can cause a  buffer overflow to occur when reporting
+error message about validation of (untrusted) user input parameters.
+---
+ dbdimp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: b/dbdimp.c
+===================================================================
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4672,7 +4672,7 @@ int dbd_bind_ph(SV *sth, imp_sth_t *imp_
+   int rc;
+   int param_num= SvIV(param);
+   int idx= param_num - 1;
+-  char err_msg[64];
++  char *err_msg;
+   D_imp_xxh(sth);
+ 
+ #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION
+@@ -4714,9 +4714,9 @@ int dbd_bind_ph(SV *sth, imp_sth_t *imp_
+   {
+     if (! looks_like_number(value))
+     {
+-      sprintf(err_msg,
++      err_msg = SvPVX(sv_2mortal(newSVpvf(
+               "Binding non-numeric field %d, value %s as a numeric!",
+-              param_num, neatsvpv(value,0));
++              param_num, neatsvpv(value,0))));
+       do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL);
+     }
+   }
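Review bot: The new `err_msg` is a pointer into the buffer of a mortal SV, so it is only valid until the enclosing scope's next FREETMPS; the patch is correct because `do_error` consumes it on the very next line, but `char *err_msg;` is now declared uninitialized at function scope (the first hunk) rather than next to its only assignment, which invites a later use of a dangling or NULL pointer. I would either move the declaration into the `if (! looks_like_number(value))` branch or annotate it there: `/* err_msg points into a mortal SV; valid only until the next FREETMPS — pass it to do_error immediately. */`. The change does fix the overflow, since the 64-byte stack buffer could not hold the formatted message for a long `value`. The enclosing `dbd_bind_ph` begins and ends outside this hunk.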
diff --git a/debian/patches/series b/debian/patches/series
index 62cebaa..2b253ea 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 pod-whatis.patch
 CVE-2014-9906.patch
 CVE-2015-8949.patch
+CVE-2016-1246.patch
