
Accepted libdbi-perl 1.636-1+deb9u1 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Sep 2020 17:33:05 +0200
Source: libdbi-perl
Binary: libdbi-perl
Architecture: source
Version: 1.636-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libdbi-perl - Perl Database Interface (DBI)
Changes:
 libdbi-perl (1.636-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2019-20919: the hv_fetch() documentation requires checking for
     NULL and the code does that. But, shortly thereafter, it calls
     SvOK(profile), causing a NULL pointer dereference.
   * CVE-2020-14392: an untrusted pointer dereference flaw was found in
     Perl-DBI. A local attacker who is able to manipulate calls to
     dbd_db_login6_sv() could cause memory corruption, affecting the
     service's availability.
   * CVE-2020-14393: a buffer overflow via an overlong DBD class name in the
     dbih_setup_handle function may lead to data being written past the
     intended limit.
Checksums-Sha1:
 3e0ebb22c96cc379f70657a6d03f0e80ed9914aa 2000 libdbi-perl_1.636-1+deb9u1.dsc
 fd305ba74fdf5a59605aaffd7e53bcd1018c99bb 595433 libdbi-perl_1.636.orig.tar.gz
 a47dc6a60001eddc4418e50b13a2e5d86fb8f56b 16196 libdbi-perl_1.636-1+deb9u1.debian.tar.xz
 f2c09fca6a02a87988c9002933a26f8d984a80f0 5944 libdbi-perl_1.636-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 e4fd24a59660415966a313304788d99f16c08c0c1aaad8fcc5ee9c65f8759435 2000 libdbi-perl_1.636-1+deb9u1.dsc
 8f7ddce97c04b4b7a000e65e5d05f679c964d62c8b02c94c1a7d815bb2dd676c 595433 libdbi-perl_1.636.orig.tar.gz
 966d1c2b498d63b31b5a11b4401d8c12307cbde5a3a271f508f3411a9c2df2c6 16196 libdbi-perl_1.636-1+deb9u1.debian.tar.xz
 6a8164c0a5cf535017b1bc993f6ed545f339b88fbf93d82e0405b1caf24b63c3 5944 libdbi-perl_1.636-1+deb9u1_amd64.buildinfo
Files:
 98e12359ca0d02cbf31da6987d86ba46 2000 perl optional libdbi-perl_1.636-1+deb9u1.dsc
 60f291e5f015550dde71d1858dfe93ba 595433 perl optional libdbi-perl_1.636.orig.tar.gz
 4fff1d63e58016a6bb1cd4805286bc26 16196 perl optional libdbi-perl_1.636-1+deb9u1.debian.tar.xz
 31613ba30d7219bc5c776e00e2986e50 5944 perl optional libdbi-perl_1.636-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

