Le 03/12/2020 à 21:50, Salvatore Bonaccorso a écrit : > Hi Xavier, > > On Sun, Nov 22, 2020 at 06:14:05PM +0000, Adam D. Barratt wrote: >> Control: tags -1 + confirmed >> >> On Thu, 2020-10-29 at 07:43 +0100, Xavier Guimard wrote: >>> libdbi-perl is still vulnerable to CVE-2014-10401: DBD::File drivers >>> can open files from folders other than those specifically passed via >>> the f_dir attribute. >> >> + * lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180) >> >> That bug report claims to be related to CVE-2014-1040*2*, which is the >> result of an incomplete initial fix for CVE-2014-10401. >> >> That seems worth clarifying, but in any case please go ahead. > > Xavier, can you upload it? It won't make it though for 10.7 but can be > batched then for the next one. > > Many thanks for your work! > > Regards, > Salvatore
Sorry, I forgot to push it, done now. Many thanks!
