Security Advisories (3)
CVE-2009-1341 (2009-04-30)

Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

CVE-2009-0663 (2009-04-30)

Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.

CVE-2012-1151 (2012-09-09)

Multiple format string vulnerabilities in dbdimp.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.

Changes for version 1.49

  • Thanks to Backcountry.com for sponsoring work on this release. [GSM]
  • Add the statement handle attribute ParamTypes, and fix an error in ParamValues. ParamTypes requires DBI 1.49 or better. [GSM]
  • Strip the final newline from error messages, so that die can add in the line number. (CPAN bug #18900) [GSM]
  • Make workaround for PQresultErrorField not returning proper result when an error is set and we are connecting via TCP/IP. This allows correct $dbh->state() values. [GSM]
  • Fix incorrect quoting preventing compiling. (CPAN bug #18640)
  • Add support for quoting and binding of geometric types: POINT, LINE, LSEG, BOX, PATH, POLYGON, and CIRCLE. Also added the TID type. [GSM]

Modules

PostgreSQL database driver for the DBI module