This is an automated email from the git hooks/post-receive script. carnil pushed a commit to branch jessie in repository libdbd-mysql-perl.
commit cab04acf04922b02afbfb8df611aac4edbb1c8e6
Author: Florian Weimer <f...@deneb.enyo.de>
Date: Mon Oct 3 18:02:45 2016 +0200
Import Debian patch 4.028-2+deb8u2
---
 debian/changelog | 6 ++++++
 debian/patches/CVE-2016-1246.patch | 36 ++++++++++++++++++++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 43 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 38127bd..2ffc66a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libdbd-mysql-perl (4.028-2+deb8u2) jessie-security; urgency=high
+
+ * CVE-2016-1246: Buffer overflow in bind variable error reporting.
+
+ -- Florian Weimer <f...@deneb.enyo.de> Mon, 03 Oct 2016 18:02:45 +0200
+
 libdbd-mysql-perl (4.028-2+deb8u1) jessie-security; urgency=high
 * Team upload.
diff --git a/debian/patches/CVE-2016-1246.patch b/debian/patches/CVE-2016-1246.patch
new file mode 100644
index 0000000..6f76a14
--- /dev/null
+++ b/debian/patches/CVE-2016-1246.patch
@@ -0,0 +1,36 @@
+From 3c4342d182f8e7b1ea9a8d907de65ec6338b4d53 Mon Sep 17 00:00:00 2001
+From: Pali <p...@cpan.org>
+Date: Sat, 24 Sep 2016 14:47:59 +0200
+Subject: [PATCH] Do not use unsafe sprintf w/variable length input
+
+This can cause a buffer overflow to occur when reporting
+error message about validation of (untrusted) user input parameters.
+---
+ dbdimp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: b/dbdimp.c
+===================================================================
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4672,7 +4672,7 @@ int dbd_bind_ph(SV *sth, imp_sth_t *imp_
+ int rc;
+ int param_num= SvIV(param);
+ int idx= param_num - 1;
+- char err_msg[64];
++ char *err_msg;
+ D_imp_xxh(sth);
+
+ #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION
+@@ -4714,9 +4714,9 @@ int dbd_bind_ph(SV *sth, imp_sth_t *imp_
+ {
+ if (! looks_like_number(value))
+ {
+- sprintf(err_msg,
++ err_msg = SvPVX(sv_2mortal(newSVpvf(
+ "Binding non-numeric field %d, value %s as a numeric!",
+- param_num, neatsvpv(value,0));
++ param_num, neatsvpv(value,0))));
+ do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL);
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 62cebaa..2b253ea 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 pod-whatis.patch
 CVE-2014-9906.patch
 CVE-2015-8949.patch
+CVE-2016-1246.patch
-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbd-mysql-perl.git
_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
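Review bot: `err_msg` now points into the string buffer of a mortal SV (`SvPVX(sv_2mortal(newSVpvf(...)))`), so the pointer is only valid until the temporaries are freed at the end of the current scope; that is safe here only because `do_error` is called on the very next line and, presumably, copies the message rather than retaining the pointer — worth confirming against do_error, and worth stating in a comment above the assignment such as `/* err_msg lives in a mortal SV: valid only until FREETMPS; do_error must copy it, not keep it */`. The declaration change from `char err_msg[64]` to `char *err_msg` also leaves the pointer uninitialized; the hunk shows a single assignment, so any other `sprintf(err_msg, ...)` that may remain in dbd_bind_ph outside the hunk would now write through an indeterminate pointer — a grep for other writers, or `char *err_msg = NULL;` to make such a failure deterministic, would close that gap. Since `newSVpvf` sizes its buffer to the formatted output, the message is no longer bounded by the old 64-byte stack buffer, which is the overflow the commit fixes. dbd_bind_ph begins and ends outside this hunk.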