This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Updated: perl-DBI-1.623-1
- From: Reini Urban <rurban at x-ray dot at>
- To: The Cygwin Mailing List <cygwin at cygwin dot com>
- Date: Wed, 9 Jan 2013 16:47:26 -0600
- Subject: Re: Updated: perl-DBI-1.623-1
- References: <20130108223547.697962af@YAAKOV04>
On Tue, Jan 8, 2013 at 10:35 PM, Yaakov wrote:
> The following package has been updated in the Cygwin distribution:
>
> *** perl-DBI-1.623-1
>
> The Perl Database Interface (DBI) provides a single API to access a wide
> variety of databases, support for which is provided by a DBD::* driver
> module (such as perl-DBD-mysql for MySQL servers).
>
> This is an update to the latest upstream release.
Note:
I strongly advise against the use of DBI-1.622 and 1.623 on public
facing systems,
because of https://rt.cpan.org/Ticket/Display.html?id=75614
This is the currently biggest known perl security problem,
besides require "strict.pm\0shellcode"; and similar nul-char syscalls.
Not that is likely that cygwin is used on public servers, but who knows...
The patches are at also at https://github.com/rurban/distroprefs
--
Reini Urban
http://cpanel.net/ http://www.perl-compiler.org/
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple