PublicDateAtUSN: 2020-09-16 16:15:00 UTC
Candidate: CVE-2014-10402
PublicDate: 2020-09-16 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10402
 https://ubuntu.com/security/notices/USN-5030-1
 https://ubuntu.com/security/notices/USN-5030-2
Description:
 An issue was discovered in the DBI module through 1.643 for Perl.
 DBD::File drivers can open files from folders other than those
 specifically passed via the f_dir attribute in the data source name (DSN).
 NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L [6.1 MEDIUM]

Patches_libdbi-perl:
 upstream: https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94
 vendor: https://salsa.debian.org/perl-team/modules/packages/libdbi-perl/-/commit/bacdd181b0109b3853d591db30f7379b49ba2074
upstream_libdbi-perl: released (1.643-3)
precise/esm_libdbi-perl: ignored (end of ESM support, was deferred [2021-06-14])
trusty_libdbi-perl: ignored (out of standard support)
trusty/esm_libdbi-perl: needed
xenial_libdbi-perl: ignored (end of standard support, was deferred [2021-06-14])
esm-infra/xenial_libdbi-perl: released (1.634-1ubuntu0.2+esm1)
bionic_libdbi-perl: released (1.640-1ubuntu0.3)
focal_libdbi-perl: released (1.643-1ubuntu0.1)
groovy_libdbi-perl: ignored (reached end-of-life)
hirsute_libdbi-perl: not-affected (1.643-3build1)
impish_libdbi-perl: not-affected (1.643-3build1)
jammy_libdbi-perl: not-affected (1.643-3build1)
devel_libdbi-perl: not-affected (1.643-3build1)