Bug 29327 - perl-DBI new security issue CVE-2014-10402
Summary: perl-DBI new security issue CVE-2014-10402
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-04 20:00 CEST by David Walser
Modified: 2021-09-02 14:02 CEST (History)
1 user (show)

See Also:
Source RPM: perl-DBI-1.643.0-4.mga8.src.rpm
CVE: CVE-2014-10402
Status comment:


Attachments

Description David Walser 2021-08-04 20:00:04 CEST
Ubuntu has issued an advisory today (August 4):
https://ubuntu.com/security/notices/USN-5030-1

Mageia 8 is also affected.
David Walser 2021-08-04 20:00:41 CEST

Whiteboard: (none) => MGA8TOO
CC: (none) => nicolas.salguero
Status comment: (none) => Patch available from upstream and Ubuntu

Comment 1 Lewis Smith 2021-08-04 21:11:10 CEST
This SRPM is maintained by different people, so assigning the bug globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-09-02 14:02:08 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). (CVE-2014-10402)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10402
https://ubuntu.com/security/notices/USN-5030-1
========================

Updated packages in core/updates_testing:
========================
perl-DBI-ProfileDumper-Apache-1.643.0-4.1.mga8
perl-DBI-1.643.0-4.1.mga8

from SRPM:
perl-DBI-1.643.0-4.1.mga8.src.rpm

Version: Cauldron => 8
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
CVE: (none) => CVE-2014-10402
Status comment: Patch available from upstream and Ubuntu => (none)
Assignee: pkg-bugs => qa-bugs
Source RPM: perl-DBI-1.643.0-6.mga9.src.rpm => perl-DBI-1.643.0-4.mga8.src.rpm


Note You need to log in before you can comment on or make changes to this bug.