-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Sep 2020 17:33:05 +0200
Source: libdbi-perl
Binary: libdbi-perl
Architecture: source
Version: 1.636-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libdbi-perl - Perl Database Interface (DBI)
Changes:
 libdbi-perl (1.636-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2019-20919: the hv_fetch() documentation requires checking for NULL
     and the code does that. But, shortly thereafter, it calls SvOK(profile),
     causing a NULL pointer dereference.
   * CVE-2020-14392: an untrusted pointer dereference flaw was found in
     Perl-DBI. A local attacker who is able to manipulate calls to
     dbd_db_login6_sv() could cause memory corruption, affecting the service's
     availability.
   * CVE-2020-14393: a buffer overflow via an overlong DBD class name in the
     dbih_setup_handle function may lead to data being written past the
     intended limit.