Accepted libdbi-perl 1.636-1+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 Sep 2020 17:33:05 +0200
Source: libdbi-perl
Binary: libdbi-perl
Architecture: source
Version: 1.636-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
libdbi-perl - Perl Database Interface (DBI)
Changes:
libdbi-perl (1.636-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-20919: the hv_fetch() documentation requires checking for
NULL and the code does that. But, shortly thereafter, it calls
SvOK(profile), causing a NULL pointer dereference.
* CVE-2020-14392: an untrusted pointer dereference flaw was found in
Perl-DBI. A local attacker who is able to manipulate calls to
dbd_db_login6_sv() could cause memory corruption, affecting the
service's availability.
* CVE-2020-14393: a buffer overflow via an overlong DBD class name in
the dbih_setup_handle function may lead to data being written past the
intended limit.
Checksums-Sha1:
3e0ebb22c96cc379f70657a6d03f0e80ed9914aa 2000 libdbi-perl_1.636-1+deb9u1.dsc
fd305ba74fdf5a59605aaffd7e53bcd1018c99bb 595433 libdbi-perl_1.636.orig.tar.gz
a47dc6a60001eddc4418e50b13a2e5d86fb8f56b 16196 libdbi-perl_1.636-1+deb9u1.debian.tar.xz
f2c09fca6a02a87988c9002933a26f8d984a80f0 5944 libdbi-perl_1.636-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
e4fd24a59660415966a313304788d99f16c08c0c1aaad8fcc5ee9c65f8759435 2000 libdbi-perl_1.636-1+deb9u1.dsc
8f7ddce97c04b4b7a000e65e5d05f679c964d62c8b02c94c1a7d815bb2dd676c 595433 libdbi-perl_1.636.orig.tar.gz
966d1c2b498d63b31b5a11b4401d8c12307cbde5a3a271f508f3411a9c2df2c6 16196 libdbi-perl_1.636-1+deb9u1.debian.tar.xz
6a8164c0a5cf535017b1bc993f6ed545f339b88fbf93d82e0405b1caf24b63c3 5944 libdbi-perl_1.636-1+deb9u1_amd64.buildinfo
Files:
98e12359ca0d02cbf31da6987d86ba46 2000 perl optional libdbi-perl_1.636-1+deb9u1.dsc
60f291e5f015550dde71d1858dfe93ba 595433 perl optional libdbi-perl_1.636.orig.tar.gz
4fff1d63e58016a6bb1cd4805286bc26 16196 perl optional libdbi-perl_1.636-1+deb9u1.debian.tar.xz
31613ba30d7219bc5c776e00e2986e50 5944 perl optional libdbi-perl_1.636-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----