From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-201204-08.xml | 53 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 metadata/glsa/glsa-201204-08.xml (limited to 'metadata/glsa/glsa-201204-08.xml') diff --git a/metadata/glsa/glsa-201204-08.xml b/metadata/glsa/glsa-201204-08.xml new file mode 100644 index 000000000000..74b7d859c061 --- /dev/null +++ b/metadata/glsa/glsa-201204-08.xml @@ -0,0 +1,53 @@ + + + + Perl DBD-Pg Module: Arbitrary code execution + Two format string vulnerabilities have been found in the Perl + DBD-Pg module, allowing a remote PostgreSQL servers to execute arbitrary + code. + + DBD-Pg + 2012-04-17 + 2012-04-17: 1 + 407549 + remote + + + 2.19.0 + 2.19.0 + + + +

DBD-Pg is a PostgreSQL interface module for Perl.

+ + +

Format string vulnerabilities have been found in the the "pg_warn()" and + "dbd_st_prepare()" functions in dbdimp.c. +

+ + +

A remote PostgreSQL server could send specially crafted database + warnings or DBD statements, possibly resulting in execution of arbitrary + code. +

+ + +

There is no known workaround at this time.

+ + +

All users of the Perl DBD-Pg module should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0" + + + + + CVE-2012-1151 + + ackle + ackle + -- cgit v1.2.3