Candidate: CVE-2016-1249
PublicDate: 2017-02-17 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1249
 http://www.openwall.com/lists/oss-security/2016/11/16/1
Description:
 The DBD::mysql module before 4.039 for Perl, when using server-side
 prepared statement support, allows attackers to cause a denial of service
 (out-of-bounds read) via vectors involving an unaligned number of
 placeholders in WHERE condition and output fields in SELECT expression.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844475
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]

Patches_libdbd-mysql-perl:
 upstream: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
upstream_libdbd-mysql-perl: released (4.039-1)
precise_libdbd-mysql-perl: ignored (reached end-of-life)
precise/esm_libdbd-mysql-perl: ignored (end of ESM support, was needs-triage)
trusty_libdbd-mysql-perl: ignored (reached end-of-life)
trusty/esm_libdbd-mysql-perl: needs-triage
vivid/stable-phone-overlay_libdbd-mysql-perl: DNE
vivid/ubuntu-core_libdbd-mysql-perl: DNE
xenial_libdbd-mysql-perl: ignored (end of standard support, was needs-triage)
yakkety_libdbd-mysql-perl: ignored (reached end-of-life)
zesty_libdbd-mysql-perl: not-affected (4.039-1)
artful_libdbd-mysql-perl: not-affected (4.039-1)
bionic_libdbd-mysql-perl: not-affected (4.039-1)
cosmic_libdbd-mysql-perl: not-affected (4.039-1)
disco_libdbd-mysql-perl: not-affected (4.039-1)
eoan_libdbd-mysql-perl: not-affected (4.039-1)
focal_libdbd-mysql-perl: not-affected (4.039-1)
groovy_libdbd-mysql-perl: not-affected (4.039-1)
hirsute_libdbd-mysql-perl: not-affected (4.039-1)
impish_libdbd-mysql-perl: not-affected (4.039-1)
jammy_libdbd-mysql-perl: not-affected (4.039-1)
devel_libdbd-mysql-perl: not-affected (4.039-1)