DBI 0.94 Deleted
Security Advisories
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Fixed version: >=1.643
Severity: high
Reported: 2020-09-16
CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://usn.ubuntu.com/4503-1/
Fixed version: >=1.643
Severity: high
Reported: 2020-06-17
CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- https://bugzilla.redhat.com/show_bug.cgi?id=1877405
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/
- https://ubuntu.com/security/notices/USN-4534-1
Fixed version: >=1.643
Severity: high
Reported: 2020-09-17
DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.
Fixed version: >=1.632
Severity: high
Reported: 2014-10-15
CVE-2005-0077
Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Fixed version: >=1.47
Reported: 2005-05-02
CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Severity: medium
Reported: 2020-09-16
CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
CVE-2013-7491
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
- https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
- https://rt.cpan.org/Public/Bug/Display.html?id=85562
Severity: medium
Reported: 2020-09-11
CVE-2013-7490
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
- https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
- https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
Kwalitee Issues
- has_meta_yml
-
Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.
- buildtool_not_executable
-
Change the permissions of Build.PL/Makefile.PL to not-executable.
- use_strict
-
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: DBI::FAQ
- prereq_matches_use
-
List all used modules in META.yml requires
Error:
- RPC::pClient
- RPC::pServer
- Win32::ODBC
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: DBI-0.94/lib/DBI/Shell.pm -- Around line 895: Non-ASCII character seen before =encoding in 'König.'. Assuming CP1252
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- has_tests_in_t_dir
-
Add tests or move tests.pl to the t/ directory!
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: DBD::ExampleP, DBD::NullP, DBD::Proxy, DBD::Sponge, DBI, DBI::DBD, DBI::FAQ, DBI::ProxyServer, DBI::Shell, DBI::W32ODBC
- no_unauthorized_packages
-
Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
Error:
- DBI::Shell
- no_invalid_versions
-
Fix the version numbers so that version::is_lax($version) returns true.
Error:
- lib/DBI/DBD.pm: HASH(0x55607de70c00)
- consistent_version
-
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.1004,0.94,2.7
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
DBD::ExampleP | metacpan | ||
DBD::NullP | metacpan | ||
DBD::Proxy | A proxy driver for the DBI | 0.1004 | metacpan |
DBD::Sponge | metacpan | ||
DBI | Database independent interface for Perl | 0.94 | metacpan |
DBI::DBD | DBD Driver Writer's Guide (draft) | metacpan | |
DBI::FAQ | The Frequently Asked Questions for the Perl5 Database Interface | metacpan | |
DBI::ProxyServer | a server for the DBD::Proxy driver | 0.1004 | metacpan |
DBI::Shell | Interactive command shell for the DBI | 2.7 | metacpan |
Provides
Name | File | View |
---|---|---|
DBD::ExampleP::db | lib/DBD/ExampleP.pm | metacpan |
DBD::ExampleP::dr | lib/DBD/ExampleP.pm | metacpan |
DBD::ExampleP::st | lib/DBD/ExampleP.pm | metacpan |
DBD::NullP::db | lib/DBD/NullP.pm | metacpan |
DBD::NullP::dr | lib/DBD/NullP.pm | metacpan |
DBD::NullP::st | lib/DBD/NullP.pm | metacpan |
DBD::Proxy::db | lib/DBD/Proxy.pm | metacpan |
DBD::Proxy::dr | lib/DBD/Proxy.pm | metacpan |
DBD::Proxy::st | lib/DBD/Proxy.pm | metacpan |
DBD::Sponge::db | lib/DBD/Sponge.pm | metacpan |
DBD::Sponge::dr | lib/DBD/Sponge.pm | metacpan |
DBD::Sponge::st | lib/DBD/Sponge.pm | metacpan |
DBD::Switch::dr | DBI.pm | metacpan |
DBD::_::common | DBI.pm | metacpan |
DBD::_::db | DBI.pm | metacpan |
DBD::_::dr | DBI.pm | metacpan |
DBD::_::st | DBI.pm | metacpan |
DBD::_mem::db | DBI.pm | metacpan |
DBD::_mem::dr | DBI.pm | metacpan |
DBD::_mem::st | DBI.pm | metacpan |
DBI::DBI_tie | DBI.pm | metacpan |
DBI::Shell::Base | lib/DBI/Shell.pm | metacpan |
DBI::Shell::Std | lib/DBI/Shell.pm | metacpan |