Mandriva has issued an advisory today (July 26): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:112 Mageia 1 and 2 are also affected.
CC: (none) => jquelin
Whiteboard: (none) => MGA2TOO, MGA1TOO
The version we have in Cauldron is not affected.
Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
This is already fixed in Mageia 2.
Version: 2 => 1
Whiteboard: MGA1TOO => (none)
Patched package uploaded for Mageia 1.

Advisory:
========================

Updated perl-DBD-Pg package fixes security vulnerability:

Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash (CVE-2012-1151).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1151
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:112
========================

Updated packages in core/updates_testing:
========================
perl-DBD-Pg-2.18.0-1.1.mga1

from perl-DBD-Pg-2.18.0-1.1.mga1.src.rpm
Assignee: bugsquad => qa-bugs
URL: (none) => http://lwn.net/Vulnerabilities/486225/
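The flaw class named in the advisory above (server-supplied warning text reaching a printf-style function as the format string), shown beside the corrected call. This is an added example, not part of the bug thread and not perl-DBD-Pg source; report(), on_server_warning_flawed(), on_server_warning_fixed() and the sample messages are hypothetical names and constructed inputs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporting helper, standing in for the kind of
 * warn/croak routine a database driver calls. Not perl-DBD-Pg code. */
static char last_report[256];

static int report(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_report, sizeof last_report, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the server's text IS the format string. Any conversion
 * specifier in it makes report() fetch arguments that were never passed,
 * which is undefined behaviour and typically crashes the process. */
int on_server_warning_flawed(const char *server_msg)
{
    return report(server_msg);
}

/* Corrected pattern: constant format, server text passed as data only. */
int on_server_warning_fixed(const char *server_msg)
{
    return report("%s", server_msg);
}

const char *last_reported(void) { return last_report; }

int main(void)
{
    /* Constructed sample: a warning that contains conversion specifiers. */
    const char *untrusted = "WARNING: %s%s%x";
    on_server_warning_fixed(untrusted);
    puts(last_reported());      /* specifiers come out as literal text */

    /* The flawed path only behaves when the text has no specifiers, which
     * is why a "does the package still work" test does not exercise it. */
    on_server_warning_flawed("WARNING: nothing unusual");
    puts(last_reported());
    return 0;
}
```

If report() is declared with the compiler's printf format attribute, GCC and Clang flag the flawed call under -Wformat-security.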
Thank you for taking the time to do the update. I'm on vacation and do not look at my mail on a regular basis.
Just testing the package still works.

Testing complete on Mageia 1 64 bits using the following procedure. Jérôme, if you have any comment about the way I tested, please tell :)

--- Installation ---
urpmi perl-DBD-Pg --search-media "Updates Testing"
urpmi postgresql9.0 postgresql9.0-server

--- Create a test database ---
su -l postgres -c "psql"
postgres=# drop database if exists qatest;
postgres=# create database qatest;
CREATE DATABASE
postgres=# \c qatest;
You are now connected to database "qatest".
qatest=# create table qatest_table (id INT, caption VARCHAR);
CREATE TABLE
qatest=# \d qatest_table
       Table "public.qatest_table"
 Column  |       Type        | Modifiers
---------+-------------------+-----------
 id      | integer           |
 caption | character varying |

qatest=# insert into qatest_table values (1, 'mageia'), (2, 'QA');
INSERT 0 2
qatest=# \q

--- Start perl in interactive debug mode to test DBI ---
perl -d -e 1

Then inside the debugger:
use DBI
$dbh = DBI->connect ( "dbi:Pg:dbname=qatest", "postgres", "")
print defined($dbh) #must print "1"
$sth = $dbh->prepare("SELECT * FROM qatest_table")
$sth->execute()
print $sth->fetchrow() #displays "1mageia"
print $sth->fetchrow() #displays "2QA"
CC: (none) => stormi
Whiteboard: (none) => has_procedure MGA1-64-OK
Testing complete on Mageia 1 32 bits, and procedure added to the wiki: https://wiki.mageia.org/en/QA_procedure:Perl-dbd-pg

Update validated. No linking required. Thanks!

See comment #3 for advisory and packages.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure MGA1-64-OK => has_procedure MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0187
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED