[SECURITY] [DLA 3035-1] libdbi-perl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3035-1] libdbi-perl security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 30 May 2022 22:10:43 +0200
Message-id: <[🔎] 20220530201043.GA18107@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3035-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 30, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libdbi-perl
Version        : 1.636-1+deb9u2
CVE ID         : CVE-2014-10402
Debian Bug     : 972180

It was discovered that CVE-2014-10401 was fixed incompletely in the
Perl5 Database Interface (DBI).  An attacker could trigger information
disclosure through a different vector.

CVE-2014-10401

    DBD::File drivers can open files from folders other than those
    specifically passed via the f_dir attribute.

CVE-2014-10402

    DBD::File drivers can open files from folders other than those
    specifically passed via the f_dir attribute in the data source
    name (DSN). NOTE: this issue exists because of an incomplete fix
    for CVE-2014-10401.

For Debian 9 stretch, this problem has been fixed in version
1.636-1+deb9u2.

We recommend that you upgrade your libdbi-perl packages.

For the detailed security status of libdbi-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libdbi-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmKVJFoACgkQDTl9HeUl
XjDXzhAAiaLxY0eC71AtSFPv0viSLAMyItRXLLwKvfV4DRi/Ev3zZ0jtlk6G5nEb
iPNeKHP3cCW6WCAg+B57wepnDRbfxJYmV9L7jIVsqMX17/vIFBrZve1c/fPs7Phj
3kVNratyMHDcDNge77e/r6ORnu3Giy+Kbm3IZkYDL+05Cx16YUximqq24kpUfVGk
SVxRDf0oDsPv5iiLly/iIH3xgsD7eO9rmTIW94XSSgO1BB2m0s2LdMUPAwAzIfIM
EmEchEjoC1zSJZLpPjL/XCJGHvKJ6DcaUgltuOdLW44y3lpPMZUh+Hiq6es+E/RH
8tkxWp1wglAffBSH6IiDES+2plShXQxjCcN+Ax8EETnnNlLsNBZeXrpMkvppwaqG
J/6+3Vbjk3nJyH9FKlseufMqGxOaLVeTAwewcae/BlJxZvybA5n4HzulN8n7h3N7
HxRhQRfnrb7UHmKpXPiDSW4dTzfNxrTMxQzKq3idImxY2/X0PyXihBZnufmigHc2
v/OkT50k0gdJk/DOU/MgGMzvlzQm92NHrVl3GnxUn3xc/HffQM/Ti9o3+17oIXC9
KYIaiuvlzJuV9QflkvPLGHANPt6NXRSuTN8bAcFgHmU3JRdryO0UkOEZMNPcbJ83
er/t5oBx2xZ1bPzsChEQYSrwE8GdmTZyIijhqQNkcWYFN9D16Zs=
=Xu14
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3034-1] haproxy security update
Next by Date: [SECURITY] [DLA 3036-1] pjproject security update
Previous by thread: [SECURITY] [DLA 3034-1] haproxy security update
Next by thread: [SECURITY] [DLA 3036-1] pjproject security update
Index(es):
- Date
- Thread