[libdbi-perl] 02/04: warn users of DBI::Proxy about its unsafe usage of Storable
This is an automated email from the git hooks/post-receive script. carnil pushed a commit to branch squeeze in repository libdbi-perl. commit 0d7ef6ed2273ad9e2aeb206e4533fd264399404f Author: Damyan Ivanov Date: Mon Apr 21 18:08:12 2014 + warn users of DBI::Proxy about its unsafe usage of Storable patch by Petr Písař from https://rt.cpan.org/Public/Bug/Display.html?id=90475 --- debian/patches/Security-notice-for-Proxy.patch | 56 ++ debian/patches/series | 1 + 2 files changed, 57 insertions(+) diff --git a/debian/patches/Security-notice-for-Proxy.patch b/debian/patches/Security-notice-for-Proxy.patch new file mode 100644 index 000..53b0294 --- /dev/null +++ b/debian/patches/Security-notice-for-Proxy.patch 
@@ -0,0 +1,56 @@ +From cd8fcbbf402e1d70c9f325f8b0fcd99e02cf14be Mon Sep 17 00:00:00 2001 +From: Petr Písař +Date: Mon, 18 Nov 2013 12:52:09 +0100 +Subject: [PATCH] Security notice for Proxy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Bug: https://rt.cpan.org/Public/Bug/Display.html?id=90475 + +PlRPC is not secure due to Storable. Warn Proxy users about it. + +Signed-off-by: Petr Písař +--- + lib/DBD/Proxy.pm | 7 +++ + lib/DBI/ProxyServer.pm | 7 +++ + 2 files changed, 14 insertions(+) + +diff --git a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm +index 287b2dc..5948255 100644 +--- a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm +@@ -974,6 +974,13 @@ The workaround is storing the modified local copy back to the server: + $dbh->{"csv_tables"} = $tables; + + ++=head1 SECURITY WARNING ++ ++L used underneath is not secure due to serializing and ++deserializing data with L module. Use the proxy driver only in ++trusted environment. ++ ++ + =head1 AUTHOR AND COPYRIGHT + + This module is Copyright (c) 1997, 1998 +diff --git a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm +index 68ad4af..78a0d78 100644 +--- a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm +@@ -867,6 +867,13 @@ Don't try to put parameters into the sql-query like this: + =back + + ++=head1 SECURITY WARNING ++ ++L used underneath is not secure due to serializing and ++deserializing data with L module. Use the proxy driver only in ++trusted environment. ++ ++ + =head1 AUTHOR + + Copyright (c) 1997Jochen Wiedmann +-- +1.8.3.1 + diff --git a/debian/patches/series b/debian/patches/series index 3a41634..8af253f 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -2,3 +2,4 @@ t__06attrs.t__localefix.patch t__40profile.t__NTP.patch t__80proxy.t___syslogd.patch spelling.patch +Security-notice-for-Proxy.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbi-perl.git ___ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
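Review bot: in the lib/DBI/ProxyServer.pm hunk the added SECURITY WARNING repeats the DBD/Proxy.pm sentence "Use the proxy driver only in trusted environment", but the reader of that page is running the server, not the driver. Suggest wording that section for the server side, for example that the proxy server should only be reachable by clients that are fully trusted. In both hunks, say what "trusted" is meant to cover: the text names Storable serialization as the reason but gives no hint of what is at risk when the peer's data is deserialized. Minor grammar point: "in a trusted environment".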
[libdbi-perl] 02/04: warn users of DBI::Proxy about its unsafe usage of Storable
This is an automated email from the git hooks/post-receive script. carnil pushed a commit to annotated tag debian/1.622-1+deb7u1 in repository libdbi-perl. commit e7ffab2ebc48d45703cb602bf83ceaa089076071 Author: Damyan Ivanov Date: Mon Apr 21 18:08:12 2014 + warn users of DBI::Proxy about its unsafe usage of Storable patch by Petr Písař from https://rt.cpan.org/Public/Bug/Display.html?id=90475 --- debian/patches/Security-notice-for-Proxy.patch | 56 ++ debian/patches/series | 1 + 2 files changed, 57 insertions(+) diff --git a/debian/patches/Security-notice-for-Proxy.patch b/debian/patches/Security-notice-for-Proxy.patch new file mode 100644 index 000..53b0294 --- /dev/null +++ b/debian/patches/Security-notice-for-Proxy.patch 
@@ -0,0 +1,56 @@ +From cd8fcbbf402e1d70c9f325f8b0fcd99e02cf14be Mon Sep 17 00:00:00 2001 +From: Petr Písař +Date: Mon, 18 Nov 2013 12:52:09 +0100 +Subject: [PATCH] Security notice for Proxy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Bug: https://rt.cpan.org/Public/Bug/Display.html?id=90475 + +PlRPC is not secure due to Storable. Warn Proxy users about it. + +Signed-off-by: Petr Písař +--- + lib/DBD/Proxy.pm | 7 +++ + lib/DBI/ProxyServer.pm | 7 +++ + 2 files changed, 14 insertions(+) + +diff --git a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm +index 287b2dc..5948255 100644 +--- a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm +@@ -974,6 +974,13 @@ The workaround is storing the modified local copy back to the server: + $dbh->{"csv_tables"} = $tables; + + ++=head1 SECURITY WARNING ++ ++L used underneath is not secure due to serializing and ++deserializing data with L module. Use the proxy driver only in ++trusted environment. ++ ++ + =head1 AUTHOR AND COPYRIGHT + + This module is Copyright (c) 1997, 1998 +diff --git a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm +index 68ad4af..78a0d78 100644 +--- a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm +@@ -867,6 +867,13 @@ Don't try to put parameters into the sql-query like this: + =back + + ++=head1 SECURITY WARNING ++ ++L used underneath is not secure due to serializing and ++deserializing data with L module. Use the proxy driver only in ++trusted environment. ++ ++ + =head1 AUTHOR + + Copyright (c) 1997Jochen Wiedmann +-- +1.8.3.1 + diff --git a/debian/patches/series b/debian/patches/series index 1e834d7..43e9b43 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -2,3 +2,4 @@ t__06attrs.t__localefix.patch t__40profile.t__NTP.patch t__80proxy.t___syslogd.patch fix-spelling.patch +Security-notice-for-Proxy.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbi-perl.git ___ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
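Review bot: the commit subject promises to "warn users of DBI::Proxy", but both inner hunks only add a `=head1 SECURITY WARNING` POD section placed directly before the AUTHOR section. The notice therefore reaches only someone who reads the manual page to the end. This commit touches only debian/patches/Security-notice-for-Proxy.patch and debian/patches/series, so unless another commit in the series adds one, consider a debian/NEWS entry so that administrators already running the proxy see the warning on upgrade. Also consider moving the POD section nearer the top of each page.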