[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
|
From: |
Leo Famulari |
|
Subject: |
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788. |
|
Date: |
Tue, 25 Jul 2017 14:00:03 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
> Done! FYI, this patch is tentative (i.e. not merged upstream as of
> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
> an experienced C programmer, nor am I a user of this package.
I'm not an expert but, I agree, it seems to do the right thing.
> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> > you are unsure.
> >
> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
> > upstream yet:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
Okay, let's wait on that one. Can you try to keep track of it?
> How does the attached patch look?
> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <address@hidden>
> Date: Mon, 24 Jul 2017 13:51:50 -0400
> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
Please push!
signature.asc
Description: PGP signature