Release 4.037, includes fix for CVE-2016-1246.

perl5-dbi · Oct 2, 2016 · 394a952 · 394a952
1 parent 7c164a0
commit 394a952
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/Changes b/Changes
@@ -1,3 +1,10 @@
+2016-10-03 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037)
+* Security release to patch possible buffer overflow in prepared
+  statements. Reported and fixed by Pali Rohár. This vulnerability
+  is present in all releases at least back to versions 3.0 of the
+  driver, which were released in 2005.
+  The CVE identifier for this vulnerability is CVE-2016-1246.
+
 2016-08-23 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.036)
 Stable version, to include all changes since 4.035.
 

diff --git a/lib/Bundle/DBD/mysql.pm b/lib/Bundle/DBD/mysql.pm
@@ -3,7 +3,7 @@ package Bundle::DBD::mysql;
 use strict;
 use warnings;
 
-our $VERSION = '4.036';
+our $VERSION = '4.037';
 
 1;
 

diff --git a/lib/DBD/mysql.pm b/lib/DBD/mysql.pm
@@ -15,7 +15,7 @@ our @ISA = qw(DynaLoader);
 # SQL_DRIVER_VER is formatted as dd.dd.dddd
 # for version 5.x please switch to 5.00(_00) version numbering
 # keep $VERSION in Bundle/DBD/mysql.pm in sync
-our $VERSION = '4.036';
+our $VERSION = '4.037';
 
 bootstrap DBD::mysql $VERSION;