CPANTS

DBD-mysql 2.1020

Security Advisories

CVE-2017-10788

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Fixed version: >=4.044

Reported: 2017-04-13

CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

https://github.com/perl5-dbi/DBD-mysql/pull/114

Fixed version: >=4.044

Reported: 2017-03-23

CVE-2016-1246

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

Fixed version: >=4.037

Reported: 2016-10-02

CVE-2015-8949

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156

Fixed version: >=4.034

Reported: 2016-08-19

CVE-2016-1251

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1

Fixed version: >=4.041

Reported: 2015-12-27

CVE-2014-9906

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

Fixed version: >=4.028

Reported: 2014-07-30

Kwalitee Issues

This is not the latest release. The following issues may have already been fixed in the newer releases.

has_meta_yml

Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.

use_strict

Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.

Error: Bundle::DBD::mysql

prereq_matches_use

List all used modules in META.yml requires

Error:

no_pod_errors

Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.

Error: DBD-mysql-2.1020/lib/DBD/mysql.pod -- Around line 1204: Non-ASCII character seen before =encoding in 'KÃ¶nig'. Assuming CP1252

6 Extra Issues

has_meta_json

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

meta_yml_has_license

Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.

use_warnings

Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.

Error: Bundle::DBD::mysql, DBD::mysql, Mysql, Mysql::Statement

no_unauthorized_packages

Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.

Error:

Bundle::DBD::mysql
DBD::mysql
DBD::mysql::db
DBD::mysql::dr
DBD::mysql::st
Mysql
Mysql::Statement
Mysql::db
Mysql::dr
Mysql::st

test_prereq_matches_use

List all modules used in the test suite in META.yml test_requires

Error:

consistent_version

Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).

Error: 1.2401,2.0416,2.1020

1 Experimental Issue

has_separate_license_file: This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.

Modules

Name	Abstract	Version	View
Bundle::DBD::mysql	A bundle to install Perl drivers for mSQL or MySQL	2.0416	metacpan
DBD::mysql	MySQL driver for the Perl5 Database Interface (DBI)	2.1020	metacpan
Mysql		1.2401	metacpan
Mysql::Statement		1.2401	metacpan

Provides

Name	File	View
DBD::mysql::db	lib/DBD/mysql.pm	metacpan
DBD::mysql::dr	lib/DBD/mysql.pm	metacpan
DBD::mysql::st	lib/DBD/mysql.pm	metacpan
Mysql::db	lib/Mysql.pm	metacpan
Mysql::dr	lib/Mysql.pm	metacpan
Mysql::st	lib/Mysql.pm	metacpan

Other Files


ChangeLog	metacpan
MANIFEST	metacpan
Makefile.PL	metacpan
README	metacpan