Summary: MySQL driver for the Perl5 Database Interface (DBI)

*DBD::mysql* is the Perl5 Database Interface driver for the MySQL database.

  That leads to use-after-free in any mysql function which access
  This patch fixes this problem and properly updates pointer in imp_sth->stmt
  This is a medium level security issue to which the Debian security team
  assigned identifier CVE-2016-1251.
* auto_reconnect now also matches CR_SERVER_LOST, previously this only

See /usr/share/doc/packages/perl-DBD-mysql/Changes

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.040)
* Since 4.038 we had problems compiling on big-endian architectures, such
  as MIPS, s390 and Sparc.
  Thanks to Salvatore Bonaccorso Debian project for reporting the issues.
  Fix by Pali Rohár.

Fix integer types when server side prepare statements are enabled
* SQL_BIGINT was incorrectly handled as 32bit MYSQL_TYPE_LONG type instead of
  64bit MYSQL_TYPE_LONGLONG which led to integer overflow/underflow
* 32bit MYSQL_TYPE_LONG was used for perl's IV storage when IV was 64bit
  and 64bit MYSQL_TYPE_LONGLONG was used when IV was 32bit
* All unsigned types were handled as signed, so all high positive values
* Numeric conversions in perl which led to overflow/underflow was ignored
* Test t/41int_min_max.t was running only for normal non-prepared statements
* Test t/40server_prepare.t used incorrect SQL type for big (64bit) integers

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.039)
* Fix for security issue Out-of-bounds read by DBD::mysql CVE-2016-1249 (pali)

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038_01)
* Fix compilation of embedded server (pali)
* Fix compilation against libmariadbclient.
  H.Merijn Brand, improved by Bernt Johnsen Oracle.
* For efficiency use newSVpvn() instead of newSVpv() where possible (pali)
* Correctly coerce fetched scalar values when mysql_server_prepare is
* Add support for fetching columns of BIT type with
* Use correct format in printf instead of casting variable types (pali)
* Include errno.h for MYSQL_ASYNC because it uses errno variable (pali)
* Travis: also test on perl 5.22 and 5.24.

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038)
* Version 4.037_1 had fixes for MySQL 8.0 provided by
  Bernt Johnsen Oracle that were not in the Changelogs
* Fixes for compiling against newer libmysqlclient on Windows (kmx)
* Fix unit test for 40server_prepare_crash on Windows (pali)
* Perl's IV in scalar can store 64bit integer when perl was compiled
  with 64 bit support (default on 64bit linux with gcc). Use this
  feature and store MYSQL_TYPE_LONGLONG as integers instead of strings

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037_01)
* Newest versions of libmysqlclient and the MariaDB C connector no longer
  export the _WIN_ macro. If this macro is not present we would not
  compile in the poll.h-based async-support.
  Thanks to Sergei Golubchik for suggesting the fix.
* Fix from Pali Rohár to not use unsafe sprintf with variable length,
  changes to bind logic, and added test 40server_prepare_crash.

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037)
* Security release to patch possible buffer overflow in prepared
  Is present in all releases at least back to versions 3.0 of the
  The CVE identifier for this vulnerability is CVE-2016-1246.

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.036)
  Stable version, to include all changes since 4.035.

Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.035_03)
* By mistake, when DBD::mysql was compiled against libmariadb, it
* If the database test server was not on localhost and the test database was