diff options
| author | wiz <wiz@pkgsrc.org> | 2016-11-28 22:45:44 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2016-11-28 22:45:44 +0000 |
| commit | 2bd3f413fafb30eb3041ea26a745a99e3d5ddc66 (patch) | |
| tree | d91fc390ea7287d8918eeaebbf50c4d4cc96a507 /databases | |
| parent | 86458206581ad01687625f1f786e7b297f533777 (diff) | |
| download | pkgsrc-2bd3f413fafb30eb3041ea26a745a99e3d5ddc66.tar.gz | |
Updated p5-DBD-mysql to 4.041.
2016-11-28 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.041)
* Fix use-after-free for repeated fetchrow_arrayref calls when
mysql_server_prepare=1
Function dbd_st_fetch() via Renew() can reallocate output buffer for
mysql_stmt_fetch() call. But it does not update pointer to that buffer in
imp_sth->stmt structure initialized by mysql_stmt_bind_result() function.
That leads to use-after-free in any mysql function which access
imp_sth->stmt structure (e.g. mysql_stmt_fetch()).
This patch fix this problem and properly updates pointer in imp_sth->stmt
structure after Renew() call.
This is a medium level security issue to which the Debian security team
assigned identifier CVE-2016-1251. Discovered and fixed by Pali Rohár.
* auto_reconnect now also matches CR_SERVER_LOST, previously this only
matched CR_SERVER_GONE.
Fixes http://bugs.mysql.com/bug.php?id=27613
Fix suggested by Wouter de Jong.
* Fix compilation fixes (Pali Rohár).
Diffstat (limited to 'databases')
| -rw-r--r-- | databases/p5-DBD-mysql/Makefile | 4 | ||||
| -rw-r--r-- | databases/p5-DBD-mysql/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/databases/p5-DBD-mysql/Makefile b/databases/p5-DBD-mysql/Makefile index f994befcdbd..2a8608406a0 100644 --- a/databases/p5-DBD-mysql/Makefile +++ b/databases/p5-DBD-mysql/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.67 2016/11/20 06:40:41 wen Exp $ +# $NetBSD: Makefile,v 1.68 2016/11/28 22:45:44 wiz Exp $ -DISTNAME= DBD-mysql-4.040 +DISTNAME= DBD-mysql-4.041 PKGNAME= p5-${DISTNAME} CATEGORIES= databases perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=DBD/} diff --git a/databases/p5-DBD-mysql/distinfo b/databases/p5-DBD-mysql/distinfo index cb28d7ab6f4..47e4dec4df6 100644 --- a/databases/p5-DBD-mysql/distinfo +++ b/databases/p5-DBD-mysql/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.27 2016/11/20 06:40:41 wen Exp $ +$NetBSD: distinfo,v 1.28 2016/11/28 22:45:44 wiz Exp $ -SHA1 (DBD-mysql-4.040.tar.gz) = edbd76b915d35930c9a4bda67f0b4a6090d4308e -RMD160 (DBD-mysql-4.040.tar.gz) = a808fcc5eb0b8f0b091138f073fe5b3a6db7dff7 -SHA512 (DBD-mysql-4.040.tar.gz) = 43ed530e568ace51030ba36b3013fffaa19ae7c463d05f595f0343ea58e79801eac1c6ae280de343d280e043581f349306d960a153160f24e8457028866e474f -Size (DBD-mysql-4.040.tar.gz) = 149783 bytes +SHA1 (DBD-mysql-4.041.tar.gz) = b6b6fe61380787fc298f997d0eac1ba8a6e06684 +RMD160 (DBD-mysql-4.041.tar.gz) = 9e1c9c5f97d138422450c86f8fab5087b34f4d6c +SHA512 (DBD-mysql-4.041.tar.gz) = 8663c58f1dec273869ef5d3ee663d80cb36fa87b1956318fff07a4a801aaecc395510a8f31b7a51b823f7e9d6a73ebf13894c1b7f7b27fdc3f3956e6aba34777 +Size (DBD-mysql-4.041.tar.gz) = 150508 bytes |