Accepting request 442505 from devel:languages:perl:autoupdate

automatic update OBS-URL: https://build.opensuse.org/request/show/442505 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-DBD-mysql?expand=0&rev=46
2016-11-29 07:16:35 +00:00
parent ab7575a8ad
commit e1ef54d8b4
4 changed files with 31 additions and 4 deletions
--- a/perl-DBD-mysql.changes
+++ b/perl-DBD-mysql.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Nov 29 06:18:42 UTC 2016 - coolo@suse.com
+
+- updated to 4.041
+   see /usr/share/doc/packages/perl-DBD-mysql/Changes
+
+  2016-11-28 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.041)
+  * Fix use-after-free for repeated fetchrow_arrayref calls when
+    mysql_server_prepare=1
+  
+    Function dbd_st_fetch() via Renew() can reallocate output buffer for
+    mysql_stmt_fetch() call. But it does not update pointer to that buffer in
+    imp_sth->stmt structure initialized by mysql_stmt_bind_result() function.
+    That leads to use-after-free in any mysql function which access
+    imp_sth->stmt structure (e.g. mysql_stmt_fetch()).
+  
+    This patch fix this problem and properly updates pointer in imp_sth->stmt
+    structure after Renew() call.
+    This is a medium level security issue to which the Debian security team
+    assigned identifier CVE-2016-1251. Discovered and fixed by Pali Rohár.
+  
+  * auto_reconnect now also matches  CR_SERVER_LOST, previously this only
+    matched CR_SERVER_GONE.
+    Fixes http://bugs.mysql.com/bug.php?id=27613
+    Fix suggested by Wouter de Jong.
+  * Fix compilation fixes (Pali Rohár).
+
 -------------------------------------------------------------------
 Sun Nov 20 06:16:34 UTC 2016 - coolo@suse.com