GNU bug report logs - #27805
[PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.

Package: guix-patches

Reported by: Kei Kebreau <kei <at> openmailbox.org>

Date: Mon, 24 Jul 2017 18:33:01 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kei <at> openmailbox.org>

Bug is archived. No further changes may be made.


Message #19 received at 27805-done <at> debbugs.gnu.org (full text, mbox):

From: Kei Kebreau <kei <at> openmailbox.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 27805-done <at> debbugs.gnu.org
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
Date: Tue, 25 Jul 2017 14:13:04 -0400
Leo Famulari <leo <at> famulari.name> writes:

> On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
>> Done! FYI, this patch is tentative (i.e. not merged upstream as of
>> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
>> an experienced C programmer, nor am I a user of this package.
>
> I'm not an expert but, I agree, it seems to do the right thing.
>
>> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
>> > you are unsure.
>> >
>> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
>> > upstream yet:
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
>
> Okay, let's wait on that one. Can you try to keep track of it?
>

Will do!

>> How does the attached patch look?
>
>> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei <at> openmailbox.org>
>> Date: Mon, 24 Jul 2017 13:51:50 -0400
>> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>> 
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Please push!

Pushed to master! Thank you for reviewing.

This bug report was last modified 7 years and 358 days ago.
