Ubuntu has issued an advisory today (August 4): https://ubuntu.com/security/notices/USN-5030-1 Mageia 8 is also affected.
Status comment: (none) => Patch available from upstream and UbuntuCC: (none) => nicolas.salgueroWhiteboard: (none) => MGA8TOO
This SRPM is maintained by different people, so assigning the bug globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). (CVE-2014-10402) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10402 https://ubuntu.com/security/notices/USN-5030-1 ======================== Updated packages in core/updates_testing: ======================== perl-DBI-ProfileDumper-Apache-1.643.0-4.1.mga8 perl-DBI-1.643.0-4.1.mga8 from SRPM: perl-DBI-1.643.0-4.1.mga8.src.rpm
Status comment: Patch available from upstream and Ubuntu => (none)Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsSource RPM: perl-DBI-1.643.0-6.mga9.src.rpm => perl-DBI-1.643.0-4.mga8.src.rpmVersion: Cauldron => 8CVE: (none) => CVE-2014-10402Whiteboard: MGA8TOO => (none)
MGA8-64 Plasma on Lenovo B50 No installation issues. As with other developer tools and in previous updates, OK on clean install.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0451.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED