DBD-Pg 1.32_2
Security Advisories
CVE-2012-1151
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
- https://rt.cpan.org/Public/Bug/Display.html?id=75642
- http://secunia.com/advisories/48319
- https://bugzilla.redhat.com/show_bug.cgi?id=801733
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- http://secunia.com/advisories/48307
- http://www.debian.org/security/2012/dsa-2431
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://rhn.redhat.com/errata/RHSA-2012-1116.html
- http://secunia.com/advisories/48824
- http://security.gentoo.org/glsa/glsa-201204-08.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
Reported: 2012-09-09
CVE-2009-1341
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
- http://rt.cpan.org/Public/Bug/Display.html?id=21392
- https://launchpad.net/bugs/cve/2009-1341
- http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
- http://www.debian.org/security/2009/dsa-1780
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes
- http://secunia.com/advisories/34909
- http://www.securityfocus.com/bid/34757
- http://www.redhat.com/support/errata/RHSA-2009-0479.html
- http://secunia.com/advisories/35058
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/35685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50387
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680
Fixed version: >=2.0.0
Reported: 2009-04-30
Kwalitee Issues
- has_meta_yml: Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.
- prereq_matches_use: List all used modules in META.yml requires.
  Error: DBI
- has_meta_json: Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license: Define the license if you are using Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings: Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
  Error: DBD::Pg
- test_prereq_matches_use: List all modules used in the test suite in META.yml test_requires.
  Error: DBI
- has_separate_license_file: This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
- configure_prereq_matches_use: List all modules used in the Makefile.PL/Build.PL in META.yml configure_requires.
  Error: App::Info::Handler::Prompt, App::Info::RDBMS::PostgreSQL, DBI, DBI::DBD
Modules
Name | Abstract | Version | View |
---|---|---|---|
DBD::Pg | PostgreSQL database driver for the DBI module | 1.32_2 | metacpan |