Mailing List Archive | ports@openbsd.org

From:: Marc Espie <marc.espie.openbsd@gmail.com>
Subject:: Re: [security update]databases/p5-DBI: Update to 1.644
To:: wen heping <wenheping2000@hotmail.com>
Cc:: "afresh1@openbsd.org" <afresh1@openbsd.org>, "ports@openbsd.org" <ports@openbsd.org>
Date:: Sun, 25 Aug 2024 10:15:43 +0200

Download raw body.

Thread

2024-08-25 02:46 wen heping:
[security update]databases/p5-DBI: Update to 1.644
- 2024-08-25 08:15 Marc Espie:
  [security update]databases/p5-DBI: Update to 1.644

On Sun, Aug 25, 2024 at 02:46:32AM +0000, wen heping wrote:
> Hi,
> 
>    Here is a patch for databases/p5-DBI to update to 1.644.
>    Upstream changelog say "Fix CVE-2014-10401 and CVE-2014-10402".
>    It build well and pass the test on amd64-current system.
> 
> 
> Best Regards,
> wen

I was a bit surprised to see such old CVEs only fixed now, then I looked
them all, they're very specific, and if you're not using f_dir in incorrect
ways, you're fine. They mostly fix broken config with f_dir.

(of course this needs to be fixed anyhow)

2024-08-25 02:46 wen heping:
[security update]databases/p5-DBI: Update to 1.644
- 2024-08-25 08:15 Marc Espie:
  [security update]databases/p5-DBI: Update to 1.644