
Bug#973342: buster-pu: package libdbi-perl/1.642-1+deb10u2



On 03/12/2020 at 21:50, Salvatore Bonaccorso wrote:
> Hi Xavier,
> 
> On Sun, Nov 22, 2020 at 06:14:05PM +0000, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On Thu, 2020-10-29 at 07:43 +0100, Xavier Guimard wrote:
>>> libdbi-perl is still vulnerable to CVE-2014-10401: DBD::File drivers
>>> can open files from folders other than those specifically passed via
>>> the f_dir attribute.
>>
>> +  * lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180)
>>
>> That bug report claims to be related to CVE-2014-1040*2*, which is the
>> result of an incomplete initial fix for CVE-2014-10401.
>>
>> That seems worth clarifying, but in any case please go ahead.
> 
> Xavier, can you upload it? It won't make it though for 10.7 but can be
> batched then for the next one.
> 
> Many thanks for your work!
> 
> Regards,
> Salvatore

Sorry, I forgot to push it, done now. Many thanks!

