X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org MIME-Version: 1.0 In-Reply-To: <20130108223547.697962af@YAAKOV04> References: <20130108223547 DOT 697962af AT YAAKOV04> Date: Wed, 9 Jan 2013 16:47:26 -0600 Message-ID: Subject: Re: Updated: perl-DBI-1.623-1 From: Reini Urban To: The Cygwin Mailing List Content-Type: text/plain; charset=ISO-8859-1 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Tue, Jan 8, 2013 at 10:35 PM, Yaakov wrote: > The following package has been updated in the Cygwin distribution: > > *** perl-DBI-1.623-1 > > The Perl Database Interface (DBI) provides a single API to access a wide > variety of databases, support for which is provided by a DBD::* driver > module (such as perl-DBD-mysql for MySQL servers). > > This is an update to the latest upstream release. Note: I strongly advise against the use of DBI-1.622 and 1.623 on public facing systems, because of https://rt.cpan.org/Ticket/Display.html?id=75614 This is the currently biggest known perl security problem, besides require "strict.pm\0shellcode"; and similar nul-char syscalls. Not that is likely that cygwin is used on public servers, but who knows... The patches are at also at https://github.com/rurban/distroprefs -- Reini Urban http://cpanel.net/ http://www.perl-compiler.org/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple