On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
> Done! FYI, this patch is tentative (i.e. not merged upstream as of
> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
> an experienced C programmer, nor am I a user of this package.

I'm not an expert but, I agree, it seems to do the right thing.

> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> > you are unsure.
> >
> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
> > upstream yet:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789

Okay, let's wait on that one. Can you try to keep track of it?

> How does the attached patch look?

> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <kei@openmailbox.org>
> Date: Mon, 24 Jul 2017 13:51:50 -0400
> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
> 
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.

Please push!