PublicDateAtUSN: 2016-08-19
Candidate: CVE-2015-8949
PublicDate: 2016-08-19 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8949
 https://github.com/perl5-dbi/DBD-mysql/pull/45
 http://seclists.org/oss-sec/2016/q3/150
 https://ubuntu.com/security/notices/USN-3103-1
Description:
 Use-after-free vulnerability in the my_login function in DBD::mysql before
 4.033_01 allows attackers to have unspecified impact by leveraging a call
 to mysql_errno after a failure of my_login.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Hanno Böck
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libdbd-mysql-perl:
 upstream: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
upstream_libdbd-mysql-perl: released (4.035-1)
precise_libdbd-mysql-perl: released (4.020-1ubuntu0.1)
trusty_libdbd-mysql-perl: released (4.025-1ubuntu0.1)
trusty/esm_libdbd-mysql-perl: released (4.025-1ubuntu0.1)
vivid/stable-phone-overlay_libdbd-mysql-perl: DNE
vivid/ubuntu-core_libdbd-mysql-perl: DNE
wily_libdbd-mysql-perl: ignored (reached end-of-life)
xenial_libdbd-mysql-perl: released (4.033-1ubuntu0.1)
devel_libdbd-mysql-perl: not-affected (4.035-1)