This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: perl-DBI-1.623-1


On Tue, Jan 8, 2013 at 10:35 PM, Yaakov wrote:
> The following package has been updated in the Cygwin distribution:
>
> *** perl-DBI-1.623-1
>
> The Perl Database Interface (DBI) provides a single API to access a wide
> variety of databases, support for which is provided by a DBD::* driver
> module (such as perl-DBD-mysql for MySQL servers).
>
> This is an update to the latest upstream release.

Note:
I strongly advise against the use of DBI-1.622 and 1.623 on public
facing systems,
because of https://rt.cpan.org/Ticket/Display.html?id=75614
This is the currently biggest known perl security problem,
besides require "strict.pm\0shellcode"; and similar nul-char syscalls.

Not that is likely that cygwin is used on public servers, but who knows...

The patches are at also at https://github.com/rurban/distroprefs

-- 
Reini Urban
http://cpanel.net/   http://www.perl-compiler.org/

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]