Please add patch for CVE-2016-1246 buffer overflow
Bug #1632833 reported by MichielBeijen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libdbd-mysql-perl (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Hi, I'm the upstream maintainer of DBD::mysql which is packaged in Ubuntu as libdbd-mysql-perl.
Please note there was a buffer overflow vulnerability discovered and patched with CVE-2016-1246. Debian backported the patch to Jessie:
But the version in Xenial and Trusty still contains the issue.
See also https://www.debian.org/security/2016/dsa-3684 (where they misspelled the name of the incident reporter - Pali Rohár)
and this announcement by me: http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html
Also, I did send email about this to the oss-security mailing list. Does Ubuntu not follow this list? Patches were in Debian and Fedora pretty soon.
ref: http://seclists.org/oss-sec/2016/q4/13