Bug#580479: libdbd-mysql-perl can access out of string and call craches
Dmitry E. Oboukhov
unera at debian.org
Thu May 6 09:23:46 UTC 2010
Package: libdbd-mysql-perl
Version: 4.014-1
Severity: serious
Tags: upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=57253
Hi, Maintainer!
There is a serious problem in last DBD::mysql if SQL-query finishes by
C-like commentary.
For example: $dbh->do('SELECT 1 /* comment */');
In this case it will access to symbols out of sql-statement and can
lead to craches.
I opened a bug in upstream, too.
--
... mpd is off
. ''`. Dmitry E. Oboukhov
: :’ : email: unera at debian.org jabber://UNera@uvw.ru
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20100506/5616678c/attachment.pgp>
More information about the pkg-perl-maintainers
mailing list