GNU bug report logs - #27805
[PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.

Previous Next

Full log

Message #14 received at 27805 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Kei Kebreau <kei <at> openmailbox.org>
Cc: 27805 <at> debbugs.gnu.org
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
Date: Tue, 25 Jul 2017 14:00:03 -0400

[Message part 1 (text/plain, inline)]

On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
> Done! FYI, this patch is tentative (i.e. not merged upstream as of
> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
> an experienced C programmer, nor am I a user of this package.

I'm not an expert but, I agree, it seems to do the right thing.

> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> > you are unsure.
> >
> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
> > upstream yet:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789

Okay, let's wait on that one. Can you try to keep track of it?

> How does the attached patch look?

> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <kei <at> openmailbox.org>
> Date: Mon, 24 Jul 2017 13:51:50 -0400
> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
> 
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.

Please push!

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.