Closed
Bug 1307175
Opened 8 years ago
Closed 8 years ago
CVE-2016-1246: Buffer overflow in DBD-mysql
Categories
(bugzilla.mozilla.org :: Infrastructure, defect)
RESOLVED
FIXED
People
(Reporter: alm, Unassigned)
Reference:
http://www.openwall.com/lists/oss-security/2016/10/03/7
https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2

--

When reporting a variable bind error, DBD-mysql would try to construct the error message in a fixed-size buffer on the stack, possibly leading to arbitrary code execution. It depends on the application whether untrusted data is included in the error message.

-D_FORTIFY_SOURCE=2 would catch this and turn the issue into a mere crash.
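The bug class described above (an error message formatted into a fixed-size stack buffer), as an added example that is not taken from this bug report or from the DBD-mysql source. The function names, the 64-byte buffer size and the message format are assumptions chosen for illustration; the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_BUF_LEN 64   /* hypothetical size of the fixed stack buffer */
#define ERR_FMT "bind error: field %d, value %s"   /* hypothetical message */

/* Unsafe pattern, shown only as a comment and never compiled:
 *     char err_msg[ERR_BUF_LEN];
 *     sprintf(err_msg, ERR_FMT, idx, value);
 * A long `value` is copied past the end of err_msg into the stack frame. */

/* Bounded variant: writes at most `len` bytes, always NUL-terminated.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad input. */
int format_bind_error_bounded(char *out, size_t len, int idx, const char *value)
{
    int n;
    if (out == NULL || len == 0 || value == NULL)
        return -1;
    n = snprintf(out, len, ERR_FMT, idx, value);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return ((size_t)n >= len) ? 1 : 0;
}

/* Heap variant: measure first, then allocate exactly. Caller frees. */
char *format_bind_error_alloc(int idx, const char *value)
{
    int n;
    char *msg;
    if (value == NULL)
        return NULL;
    n = snprintf(NULL, 0, ERR_FMT, idx, value);   /* length without NUL */
    if (n < 0 || (msg = malloc((size_t)n + 1)) == NULL)
        return NULL;
    snprintf(msg, (size_t)n + 1, ERR_FMT, idx, value);
    return msg;
}

int main(void)
{
    char buf[ERR_BUF_LEN], big[300];      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("truncated=%d len=%zu\n",
           format_bind_error_bounded(buf, sizeof buf, 3, big), strlen(buf));
    return 0;
}
```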
Comment 1•8 years ago
This will be resolved by the next bmo push, see bug 1307294.
Depends on: 1307294
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Reporter
Updated•8 years ago
Group: infra, mozilla-employee-confidential