Source: libdbd-mysql-perl
Version: 4.028-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libdbd-mysql-perl.

CVE-2017-10788[0]:
| The DBD::mysql module through 4.043 for Perl allows remote attackers to
| cause a denial of service (use-after-free and application crash) or
| possibly have unspecified other impact by triggering (1) certain error
| responses from a MySQL server or (2) a loss of a network connection to
| a MySQL server. The use-after-free defect was introduced by relying on
| incorrect Oracle mysql_stmt_close documentation and code examples.

Related discussions in [1] and [2]. [2] contains a proposed patch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10788
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788
[1] http://seclists.org/oss-sec/2017/q2/443
[2] https://github.com/perl5-dbi/DBD-mysql/issues/120

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore