[libdbd-mysql-perl] 01/01: Import Debian patch 4.021-1+deb7u1

gregor herrmann gregoa at debian.org
Sat Oct 15 12:57:29 UTC 2016 

This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch wheezy-security
in repository libdbd-mysql-perl.

commit d8dd6d739fad4706528b798ef9438e8a07d03c1b
Author: Markus Koschany <apo at debian.org>
Date:   Sat Jul 30 12:00:29 2016 +0200

    Import Debian patch 4.021-1+deb7u1
---
 debian/changelog                   |  9 +++++++
 debian/patches/CVE-2014-9906.patch | 55 ++++++++++++++++++++++++++++++++++++++
 debian/patches/CVE-2015-8949.patch | 42 +++++++++++++++++++++++++++++
 debian/patches/series              |  2 ++
 4 files changed, 108 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b718fea..aa1b698 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libdbd-mysql-perl (4.021-1+deb7u1) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix two use after free vulnerabilities.
+  * CVE-2014-9906: use-after-free in mysql_dr_error.
+  * CVE-2015-8949: Use after free in my_login() function of DBD::mysql.
+
+ -- Markus Koschany <apo at debian.org>  Sat, 30 Jul 2016 12:00:29 +0200
+
 libdbd-mysql-perl (4.021-1) unstable; urgency=low
 
   * New upstream release.
diff --git a/debian/patches/CVE-2014-9906.patch b/debian/patches/CVE-2014-9906.patch
new file mode 100644
index 0000000..f15893e
--- /dev/null
+++ b/debian/patches/CVE-2014-9906.patch
@@ -0,0 +1,55 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 30 Jul 2016 11:49:08 +0200
+Subject: CVE-2014-9906
+
+Upstream-Bug: https://github.com/perl5-dbi/DBD-mysql/pull/27
+
+Origin: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
+---
+ dbdimp.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index 316a4c4..a572eb8 100755
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -1951,6 +1951,8 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+   char* user;
+   char* password;
+   char* mysql_socket;
++  int result;
++  int fresh = 0;
+   D_imp_xxh(dbh);
+ 
+   /* TODO- resolve this so that it is set only if DBI is 1.607 */
+@@ -1999,10 +2001,19 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+ 		  port ? port : "NULL");
+ 
+   if (!imp_dbh->pmysql) {
++      fresh = 1;
+      Newz(908, imp_dbh->pmysql, 1, MYSQL);
+   }
+-  return mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
++  result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
+ 			  password, dbname, imp_dbh) ? TRUE : FALSE;
++
++  if (fresh && !result) {
++      do_error(dbh, mysql_errno(imp_dbh->pmysql),
++              mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
++      Safefree(imp_dbh->pmysql);
++      imp_dbh->pmysql = NULL;
++  }
++  return result;
+ }
+ 
+ 
+@@ -2054,7 +2065,8 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user,
+ 
+   if (!my_login(aTHX_ dbh, imp_dbh))
+   {
+-    do_error(dbh, mysql_errno(imp_dbh->pmysql),
++    if(imp_dbh->pmysql)
++        do_error(dbh, mysql_errno(imp_dbh->pmysql),
+             mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
+     return FALSE;
+   }
diff --git a/debian/patches/CVE-2015-8949.patch b/debian/patches/CVE-2015-8949.patch
new file mode 100644
index 0000000..3c60dca
--- /dev/null
+++ b/debian/patches/CVE-2015-8949.patch
@@ -0,0 +1,42 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 30 Jul 2016 11:52:34 +0200
+Subject: CVE-2015-8949
+
+Upstream-Bug: https://github.com/perl5-dbi/DBD-mysql/pull/45
+
+Origin: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
+---
+ dbdimp.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index a572eb8..8d7f1c9 100755
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -2007,12 +2007,6 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+   result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
+ 			  password, dbname, imp_dbh) ? TRUE : FALSE;
+ 
+-  if (fresh && !result) {
+-      do_error(dbh, mysql_errno(imp_dbh->pmysql),
+-              mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
+-      Safefree(imp_dbh->pmysql);
+-      imp_dbh->pmysql = NULL;
+-  }
+   return result;
+ }
+ 
+@@ -2065,9 +2059,12 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user,
+ 
+   if (!my_login(aTHX_ dbh, imp_dbh))
+   {
+-    if(imp_dbh->pmysql)
++    if(imp_dbh->pmysql) {
+         do_error(dbh, mysql_errno(imp_dbh->pmysql),
+             mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
++        Safefree(imp_dbh->pmysql);
++
++    }
+     return FALSE;
+   }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index fc4134b..6db8ec5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,4 @@
 fix_pod_for_manpage
 fix_spelling
+CVE-2014-9906.patch
+CVE-2015-8949.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbd-mysql-perl.git

More information about the Pkg-perl-cvs-commits mailing list