Bug#972180: libdbi-perl: CVE-2014-10402
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 13 21:10:13 BST 2020
Source: libdbi-perl
Version: 1.643-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libdbi-perl; this is
mainly to have a tracking bug in Debian as well. There has at this point
not been a fix upstream; there is a proposed fix in [2].
CVE-2014-10402[0]:
| An issue was discovered in the DBI module through 1.643 for Perl.
| DBD::File drivers can open files from folders other than those
| specifically passed via the f_dir attribute in the data source name
| (DSN). NOTE: this issue exists because of an incomplete fix for
| CVE-2014-10401.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-10402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10402
[1] https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
[2] https://github.com/perl5-dbi/dbi/pull/93
Regards,
Salvatore