  • #11954
Closed
Open
Created Sep 16, 2020 by Alicha CH (@alicha), Reporter. 5 of 5 tasks completed.

perl-dbi: Multiple vulnerabilities (CVE-2020-14392, CVE-2020-14393)

CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated

A flaw was found in perl-dbi before version 1.643. The ST() macro returns a pointer into the Perl stack. Other Perl functions that use the Perl stack (e.g. eval) may reallocate it, after which the pointer previously returned by ST() is invalid; continuing to use it may lead to memory corruption.

References:

  • https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
  • https://security-tracker.debian.org/tracker/CVE-2020-14392

Patch:

https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
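As an added illustration (not DBI's code and not the patch linked above), the following C program models the pointer-invalidation pattern the advisory describes: a pointer obtained through a ST()-like accessor is held across a call that can grow the underlying array. The stack type, the `ST_` accessor and the callee that grows the stack are constructed for the demo; the hardened function shows the defensive shape of copying the value out first and re-deriving the pointer after the call.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a growable argument stack. It is not Perl's SV stack
 * and not DBI code; it only reproduces the shape of the bug: callers hold a
 * raw pointer into storage that a callee may reallocate. */
typedef struct {
    int *items;
    size_t len;
    size_t cap;
} arg_stack;

static void stack_init(arg_stack *s) {
    s->cap = 2;
    s->len = 0;
    s->items = malloc(s->cap * sizeof *s->items);
    if (!s->items) abort();
}

static void stack_free(arg_stack *s) {
    free(s->items);
    s->items = NULL;
    s->len = s->cap = 0;
}

/* Pushing may move the backing array; every pointer obtained before the push
 * is then dangling. This is the analogue of the stack growth the advisory
 * attributes to functions such as eval. */
static void stack_push(arg_stack *s, int v) {
    if (s->len == s->cap) {
        s->cap *= 2;
        int *grown = realloc(s->items, s->cap * sizeof *s->items);
        if (!grown) abort();
        s->items = grown;
    }
    s->items[s->len++] = v;
}

/* Analogue of ST(i): a raw pointer into the current stack storage. */
static int *ST_(arg_stack *s, size_t i) {
    return &s->items[i];
}

/* Stand-in for a callee (e.g. eval) that uses the stack and may grow it. */
static void callee_that_may_grow(arg_stack *s) {
    for (int i = 0; i < 8; i++)
        stack_push(s, i);
}

/* 'Before' shape: the pointer from ST_() is held across the call and then
 * dereferenced. If the callee reallocated, the read touches freed memory.
 * Kept only for contrast; nothing in this file calls it. */
int use_after_call_unsafe(arg_stack *s) {
    int *p = ST_(s, 0);
    callee_that_may_grow(s);
    return *p; /* p may point into freed storage here */
}

/* Hardened shape: copy the value out before the call and re-derive the
 * pointer from the (possibly moved) stack afterwards. */
static int use_after_call_safe(arg_stack *s) {
    int arg0 = *ST_(s, 0);     /* snapshot before anything can move the stack */
    callee_that_may_grow(s);
    int *p = ST_(s, 0);        /* recomputed from s->items after the call */
    return *p + arg0;
}

/* Driver: push one argument (7) and run the safe path; returns 7 + 7. */
int demo_safe_result(void) {
    arg_stack s;
    stack_init(&s);
    stack_push(&s, 7);
    int r = use_after_call_safe(&s);
    stack_free(&s);
    return r;
}

/* Driver: same sequence, returns the stack length after the callee grew it. */
size_t demo_final_len(void) {
    arg_stack s;
    stack_init(&s);
    stack_push(&s, 7);
    (void)use_after_call_safe(&s);
    size_t n = s.len;
    stack_free(&s);
    return n;
}

int main(void) {
    printf("safe result: %d, final stack length: %zu\n",
           demo_safe_result(), demo_final_len());
    return 0;
}
```

The stack starts with room for two entries, so the callee's eight pushes force repeated reallocation; the safe path still returns the right value because it never reads through a pointer that predates the call. Compiling the unsafe variant with AddressSanitizer and invoking it is a quick way to see the heap-use-after-free report this class of bug produces.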

CVE-2020-14393: Buffer overflow on an overlong DBD class name

A flaw was found in perl-dbi before version 1.643. A buffer overflow via an overlong DBD class name in the dbih_setup_handle function may lead to data being written past the intended limit.

References:

  • https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
  • https://security-tracker.debian.org/tracker/CVE-2020-14393

Patch:

https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
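As an added illustration (not DBI's code and not the patch linked above), the following C program contrasts an unbounded copy of a caller-supplied class name into a fixed buffer with a bounded builder that rejects names which do not fit. The buffer size `CLASS_BUF_LEN`, the suffix `IMP_SUFFIX` and all function names are constructed for the demo; the page does not state DBI's actual buffer size or the string dbih_setup_handle builds.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limit and suffix for illustration; DBI's real buffer size and
 * the string it derives from the class name are not given on this page. */
#define CLASS_BUF_LEN 64
#define IMP_SUFFIX "::imp"

/* 'Before' shape: unbounded copy of the caller-supplied class name into a
 * fixed buffer. Any name longer than CLASS_BUF_LEN - strlen(IMP_SUFFIX) - 1
 * writes past the end of buf. Kept for contrast only; never called here. */
void build_imp_name_unbounded(const char *class_name, char buf[CLASS_BUF_LEN]) {
    strcpy(buf, class_name);
    strcat(buf, IMP_SUFFIX);
}

/* Hardened shape: bound the write with snprintf and treat truncation as an
 * error rather than silently producing a different class name. Returns the
 * number of characters written, or -1 if class_name does not fit. */
int build_imp_name_bounded(const char *class_name, char *buf, size_t buf_len) {
    if (buf_len == 0)
        return -1;
    int n = snprintf(buf, buf_len, "%s%s", class_name, IMP_SUFFIX);
    if (n < 0 || (size_t)n >= buf_len) {
        buf[0] = '\0';          /* leave nothing half-built behind */
        return -1;
    }
    return n;
}

/* Wrapper using the fixed-size buffer so both outcomes can be checked. */
int imp_name_len_for(const char *class_name) {
    char buf[CLASS_BUF_LEN];
    return build_imp_name_bounded(class_name, buf, sizeof buf);
}

/* Builds a constructed class name of `len` 'A' characters and reports whether
 * the bounded builder rejects it (1) or accepts it (0). */
int name_of_length_rejected(size_t len) {
    char name[512];
    if (len >= sizeof name)
        len = sizeof name - 1;
    memset(name, 'A', len);
    name[len] = '\0';
    return imp_name_len_for(name) < 0;
}

int main(void) {
    printf("DBD::SQLite -> %d\n", imp_name_len_for("DBD::SQLite"));
    printf("58-char name rejected: %d\n", name_of_length_rejected(58));
    printf("59-char name rejected: %d\n", name_of_length_rejected(59));
    return 0;
}
```

With a 64-byte buffer and a 5-character suffix, the longest name that fits is 58 characters; the bounded builder accepts that and refuses 59, which is exactly the boundary an unchecked strcpy/strcat would step over.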

Affected branches:

  • master (c47e03d8)
  • 3.12-stable (c47e03d8)
  • 3.11-stable
  • 3.10-stable
  • 3.9-stable
Edited Sep 18, 2020 by Leo