perl-dbi: Multiple vulnerabilities (CVE-2020-14392, CVE-2020-14393)
CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated
A flaw was found in perl-dbi before version 1.643. Macro ST() returns pointer to Perl stack. Other Perl functions which use Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer returned by ST() macro is invalid which may lead to memory corruption.
References:
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://security-tracker.debian.org/tracker/CVE-2020-14392
Patch:
https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
CVE-2020-14393: Buffer overflow on an overlong DBD class name
A flaw was found in perl-dbi before version 1.643. A buffer overflow on via an overlong DBD class name in dbih_setup_handle function may lead to data be written past the intended limit.
References:
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://security-tracker.debian.org/tracker/CVE-2020-14393
Patch:
https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
Affected branches:
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information