DBI 1.15 Deleted
Security Advisories
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Fixed version: >=1.643
Severity: high
Reported: 2020-09-16
CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://usn.ubuntu.com/4503-1/
Fixed version: >=1.643
Severity: high
Reported: 2020-06-17
CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- https://bugzilla.redhat.com/show_bug.cgi?id=1877405
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/
- https://ubuntu.com/security/notices/USN-4534-1
Fixed version: >=1.643
Severity: high
Reported: 2020-09-17
DBD::File drivers open files from folders other than those specifically passed using the f_dir attribute.
Fixed version: >=1.632
Severity: high
Reported: 2014-10-15
CVE-2005-0077
Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Fixed version: >=1.47
Reported: 2005-05-02
CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Severity: medium
Reported: 2020-09-16
CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
CVE-2013-7491
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
- https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
- https://rt.cpan.org/Public/Bug/Display.html?id=85562
Severity: medium
Reported: 2020-09-11
CVE-2013-7490
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
- https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
- https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
Kwalitee Issues
- has_meta_yml
  Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.
- buildtool_not_executable
  Change the permissions of Build.PL/Makefile.PL to not-executable.
- use_strict
  Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
  Error: Bundle::DBI, DBI::FAQ, Win32::DBIODBC
- prereq_matches_use
  List all used modules in META.yml requires
  Error:
  - RPC::PlClient
  - RPC::PlServer
  - Win32::ODBC
  - Win32::OLE::NLS
  - Win32::OLE::Variant
- no_pod_errors
  Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
  Error:
  - DBI-1.15/lib/DBD/ADO.pm
    Around line 1268: '=item' outside of any '=over'
    Around line 1318: You forgot a '=back' before '=head2'
  - DBI-1.15/lib/DBI/Shell.pm
    Around line 1177: Non-ASCII character seen before =encoding in 'König.'. Assuming CP1252
- has_meta_json
  Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- has_tests_in_t_dir
  Add tests or move tests.pl to the t/ directory!
- meta_yml_has_license
  Define the license if you are using Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
  Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
  Error: Bundle::DBI, DBD::ADO, DBD::ExampleP, DBD::Multiplex, DBD::NullP, DBD::Proxy, DBD::Sponge, DBI, DBI::DBD, DBI::FAQ, DBI::Format, DBI::ProxyServer, DBI::Shell, DBI::W32ODBC, Win32::DBIODBC
- no_unauthorized_packages
  Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
  Error:
  - DBD::ADO
  - DBD::ADO::db
  - DBD::ADO::dr
  - DBD::ADO::st
  - DBD::Multiplex
  - DBD::Multiplex::db
  - DBD::Multiplex::dr
  - DBD::Multiplex::st
  - DBI::Format
  - DBI::Format::Base
  - DBI::Format::Box
  - DBI::Format::Neat
  - DBI::Format::Raw
  - DBI::Format::String
  - DBI::Shell
- consistent_version
  Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
  Error: 0.2, 0.2003, 0.38, 0.419, 1.03, 1.15, 1.3, 10.13, 10.3, 10.6, 10.8, 10.9
- has_separate_license_file
  This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Bundle::DBI | A bundle to install DBI and required modules. | 1.03 | metacpan |
DBD::ADO | A DBI driver for Microsoft ADO (Active Data Objects) | 0.419 | metacpan |
DBD::ExampleP | | 10.13 | metacpan |
DBD::Multiplex | A DBI driver multiplexer | 0.2 | metacpan |
DBD::NullP | | 10.3 | metacpan |
DBD::Proxy | A proxy driver for the DBI | 0.2003 | metacpan |
DBD::Sponge | | 10.6 | metacpan |
DBI | Database independent interface for Perl | 1.15 | metacpan |
DBI::DBD | DBD Driver Writer's Guide | 10.8 | metacpan |
DBI::FAQ | The Frequently Asked Questions for the Perl5 Database Interface | 0.38 | metacpan |
DBI::Format | A package for displaying result tables | 1.3 | metacpan |
DBI::ProxyServer | a server for the DBD::Proxy driver | 0.2003 | metacpan |
DBI::Shell | Interactive command shell for the DBI | 10.9 | metacpan |
Provides
Name | File | View |
---|---|---|
DBD::ADO::db | lib/DBD/ADO.pm | metacpan |
DBD::ADO::dr | lib/DBD/ADO.pm | metacpan |
DBD::ADO::st | lib/DBD/ADO.pm | metacpan |
DBD::ExampleP::db | lib/DBD/ExampleP.pm | metacpan |
DBD::ExampleP::dr | lib/DBD/ExampleP.pm | metacpan |
DBD::ExampleP::st | lib/DBD/ExampleP.pm | metacpan |
DBD::Multiplex::db | lib/DBD/Multiplex.pm | metacpan |
DBD::Multiplex::dr | lib/DBD/Multiplex.pm | metacpan |
DBD::Multiplex::st | lib/DBD/Multiplex.pm | metacpan |
DBD::NullP::db | lib/DBD/NullP.pm | metacpan |
DBD::NullP::dr | lib/DBD/NullP.pm | metacpan |
DBD::NullP::st | lib/DBD/NullP.pm | metacpan |
DBD::Proxy::db | lib/DBD/Proxy.pm | metacpan |
DBD::Proxy::dr | lib/DBD/Proxy.pm | metacpan |
DBD::Proxy::st | lib/DBD/Proxy.pm | metacpan |
DBD::Sponge::db | lib/DBD/Sponge.pm | metacpan |
DBD::Sponge::dr | lib/DBD/Sponge.pm | metacpan |
DBD::Sponge::st | lib/DBD/Sponge.pm | metacpan |
DBD::Switch::dr | DBI.pm | metacpan |
DBD::_::common | DBI.pm | metacpan |
DBD::_::db | DBI.pm | metacpan |
DBD::_::dr | DBI.pm | metacpan |
DBD::_::st | DBI.pm | metacpan |
DBD::_mem::db | DBI.pm | metacpan |
DBD::_mem::dr | DBI.pm | metacpan |
DBD::_mem::st | DBI.pm | metacpan |
DBI::DBI_tie | DBI.pm | metacpan |
DBI::Format::Base | lib/DBI/Format.pm | metacpan |
DBI::Format::Box | lib/DBI/Format.pm | metacpan |
DBI::Format::Neat | lib/DBI/Format.pm | metacpan |
DBI::Format::Raw | lib/DBI/Format.pm | metacpan |
DBI::Format::String | lib/DBI/Format.pm | metacpan |
DBI::ProxyServer::db | lib/DBI/ProxyServer.pm | metacpan |
DBI::ProxyServer::dr | lib/DBI/ProxyServer.pm | metacpan |
DBI::ProxyServer::st | lib/DBI/ProxyServer.pm | metacpan |