PublicDateAtUSN: 2020-09-11 19:15:00 UTC
Candidate: CVE-2014-10401
PublicDate: 2020-09-11 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10401
 https://rt.cpan.org/Public/Bug/Display.html?id=99508
 https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
 https://ubuntu.com/security/notices/USN-4509-1
Description:
 An issue was discovered in the DBI module before 1.632 for Perl. DBD::File
 drivers can open files from folders other than those specifically passed
 via the f_dir attribute.
Ubuntu-Description:
Notes:
 leosilva> precise backport can be a bit trick and cause regressions. For now, ignoring it.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L [6.1 MEDIUM]


Patches_libdbi-perl:
 upstream: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
upstream_libdbi-perl: released (1.633-1)
precise/esm_libdbi-perl: ignored
trusty_libdbi-perl: ignored (out of standard support)
trusty/esm_libdbi-perl: released (1.630-1ubuntu0.1~esm4)
xenial_libdbi-perl: not-affected
esm-infra/xenial_libdbi-perl: not-affected
bionic_libdbi-perl: not-affected (1.640-1)
focal_libdbi-perl: not-affected
devel_libdbi-perl: not-affected