This is the mail archive of the
mailing list for the Cygwin project.
Re: Updated: perl-DBI-1.623-1
- From: Reini Urban <rurban at x-ray dot at>
- To: The Cygwin Mailing List <cygwin at cygwin dot com>
- Date: Wed, 9 Jan 2013 16:47:26 -0600
- Subject: Re: Updated: perl-DBI-1.623-1
- References: <20130108223547.697962af@YAAKOV04>
On Tue, Jan 8, 2013 at 10:35 PM, Yaakov wrote:
> The following package has been updated in the Cygwin distribution:
> *** perl-DBI-1.623-1
> The Perl Database Interface (DBI) provides a single API to access a wide
> variety of databases, support for which is provided by a DBD::* driver
> module (such as perl-DBD-mysql for MySQL servers).
> This is an update to the latest upstream release.
I strongly advise against the use of DBI-1.622 and 1.623 on public
because of https://rt.cpan.org/Ticket/Display.html?id=75614
This is the currently biggest known perl security problem,
besides require "strict.pm\0shellcode"; and similar nul-char syscalls.
Not that it is likely that cygwin is used on public servers, but who knows...
The patches are also at https://github.com/rurban/distroprefs