From e1ef54d8b459943021cf12eb1fadfe3eeb821c0f4d03fe4608b9363a42ca067b Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Tue, 29 Nov 2016 07:16:35 +0000 Subject: [PATCH] Accepting request 442505 from devel:languages:perl:autoupdate automatic update OBS-URL: https://build.opensuse.org/request/show/442505 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-DBD-mysql?expand=0&rev=46 --- DBD-mysql-4.040.tar.gz | 3 --- DBD-mysql-4.041.tar.gz | 3 +++ perl-DBD-mysql.changes | 27 +++++++++++++++++++++++++++ perl-DBD-mysql.spec | 2 +- 4 files changed, 31 insertions(+), 4 deletions(-) delete mode 100644 DBD-mysql-4.040.tar.gz create mode 100644 DBD-mysql-4.041.tar.gz diff --git a/DBD-mysql-4.040.tar.gz b/DBD-mysql-4.040.tar.gz deleted file mode 100644 index 9574dd0..0000000 --- a/DBD-mysql-4.040.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3438bba3cce02b13870b146b9db76a519b98e978d9dfe8516a63daff2989040 -size 149783 diff --git a/DBD-mysql-4.041.tar.gz b/DBD-mysql-4.041.tar.gz new file mode 100644 index 0000000..55ab24b --- /dev/null +++ b/DBD-mysql-4.041.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4777de11c464b515db9da95c08c225900d0594b65ba3256982dc21f9f9379040 +size 150508 diff --git a/perl-DBD-mysql.changes b/perl-DBD-mysql.changes index d798766..a0a830c 100644 --- a/perl-DBD-mysql.changes +++ b/perl-DBD-mysql.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Tue Nov 29 06:18:42 UTC 2016 - coolo@suse.com + +- updated to 4.041 + see /usr/share/doc/packages/perl-DBD-mysql/Changes + + 2016-11-28 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.041) + * Fix use-after-free for repeated fetchrow_arrayref calls when + mysql_server_prepare=1 + + Function dbd_st_fetch() via Renew() can reallocate output buffer for + mysql_stmt_fetch() call. But it does not update pointer to that buffer in + imp_sth->stmt structure initialized by mysql_stmt_bind_result() function. + That leads to use-after-free in any mysql function which access + imp_sth->stmt structure (e.g. mysql_stmt_fetch()). + + This patch fix this problem and properly updates pointer in imp_sth->stmt + structure after Renew() call. + This is a medium level security issue to which the Debian security team + assigned identifier CVE-2016-1251. Discovered and fixed by Pali Rohár. + + * auto_reconnect now also matches CR_SERVER_LOST, previously this only + matched CR_SERVER_GONE. + Fixes http://bugs.mysql.com/bug.php?id=27613 + Fix suggested by Wouter de Jong. + * Fix compilation fixes (Pali Rohár). + ------------------------------------------------------------------- Sun Nov 20 06:16:34 UTC 2016 - coolo@suse.com diff --git a/perl-DBD-mysql.spec b/perl-DBD-mysql.spec index 122c509..672a03b 100644 --- a/perl-DBD-mysql.spec +++ b/perl-DBD-mysql.spec @@ -17,7 +17,7 @@ Name: perl-DBD-mysql -Version: 4.040 +Version: 4.041 Release: 0 %define cpan_name DBD-mysql Summary: MySQL driver for the Perl5 Database Interface (DBI)