[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
From: |
Leo Famulari |
Subject: |
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788. |
Date: |
Mon, 24 Jul 2017 15:17:45 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Mon, Jul 24, 2017 at 02:31:44PM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
Thanks!
> diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> new file mode 100644
> index 000000000..344f2d803
> --- /dev/null
> +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> @@ -0,0 +1,51 @@
> +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
> +From: Pali <address@hidden>
> +Date: Sun, 25 Jun 2017 10:07:39 +0200
> +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
> +
> +Ignore return value from mysql_stmt_close() and also its error message
> +because it points to freed memory after mysql_stmt_close() was called.
Can you add a link to the MITRE page for this CVE (and any other pages
you think are relevant) and to the source of this patch?
Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
you are unsure.
There is also CVE-2017-10789. I'm not sure if there is a fix merged
upstream yet:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
signature.asc
Description: PGP signature