Version in base suite: 1.647-1 Base version: libdbi-perl_1.647-1 Target version: libdbi-perl_1.647-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libd/libdbi-perl/libdbi-perl_1.647-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libd/libdbi-perl/libdbi-perl_1.647-1+deb13u1.dsc changelog | 9 ++ patches/Fix-possible-stack-overflow-old-issue-already-noted-.patch | 37 ++++++++++ patches/Replacing-with-p-in-preparse-with-more-than-9-causes.patch | 33 ++++++++ patches/series | 2 4 files changed, 81 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvyqd478a/libdbi-perl_1.647-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvyqd478a/libdbi-perl_1.647-1+deb13u1.dsc: no acceptable signature found
diff -Nru libdbi-perl-1.647/debian/changelog libdbi-perl-1.647/debian/changelog
--- libdbi-perl-1.647/debian/changelog 2025-02-01 00:02:21.000000000 +0000
+++ libdbi-perl-1.647/debian/changelog 2026-06-09 14:04:25.000000000 +0000
@@ -1,3 +1,12 @@
+libdbi-perl (1.647-1+deb13u1) trixie-security; urgency=high
+
+ * Team upload.
+ * Fix possible stack overflow (CVE-2026-9698)
+ * Replacing `?` with `:p#` in `preparse ()` with more than 9 `?` causes
+ buffer overflow (CVE-2026-10879)
+
+ -- Salvatore Bonaccorso Tue, 09 Jun 2026 16:04:25 +0200
+
 libdbi-perl (1.647-1) unstable; urgency=medium
 * Import upstream version 1.647.
diff -Nru libdbi-perl-1.647/debian/patches/Fix-possible-stack-overflow-old-issue-already-noted-.patch libdbi-perl-1.647/debian/patches/Fix-possible-stack-overflow-old-issue-already-noted-.patch
--- libdbi-perl-1.647/debian/patches/Fix-possible-stack-overflow-old-issue-already-noted-.patch 1970-01-01 00:00:00.000000000 +0000
+++ libdbi-perl-1.647/debian/patches/Fix-possible-stack-overflow-old-issue-already-noted-.patch 2026-06-09 14:04:25.000000000 +0000
@@ -0,0 +1,37 @@
+From: "H.Merijn Brand - Tux"
+Date: Wed, 27 May 2026 11:16:50 +0200
+Subject: Fix possible stack overflow (old issue already noted by Tim)
+Origin: https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-9698
+
+---
+ ChangeLog | 3 ++-
+ DBI.xs | 7 ++-----
+ Makefile.PL | 1 +
+ dbixs_rev.h | 4 ++--
+ lib/DBI/Changes.pm | 6 +++++-
+ 5 files changed, 12 insertions(+), 9 deletions(-)
+
+--- a/DBI.xs
++++ b/DBI.xs
+@@ -4000,7 +4000,6 @@ XS(XS_DBI_dispatch)
+ SV **statement_svp = NULL;
+ const int is_warning = (!SvTRUE(err_sv) && strlen(SvPV_nolen(err_sv))==1);
+ const char *err_meth_name = meth_name;
+- char intro[200];
+
+ if (meth_type == methtype_set_err) {
+ SV **sem_svp = hv_fetch((HV*)SvRV(h), "dbi_set_err_method", 18, GV_ADDWARN);
+@@ -4008,10 +4007,8 @@ XS(XS_DBI_dispatch)
+ err_meth_name = SvPV_nolen(*sem_svp);
+ }
+
+- /* XXX change to vsprintf into sv directly */
+- sprintf(intro,"%s %s %s: ", HvNAME(DBIc_IMP_STASH(imp_xxh)), err_meth_name,
+- SvTRUE(err_sv) ? "failed" : is_warning ? "warning" : "information");
+- msg = sv_2mortal(newSVpv(intro,0));
++ msg = sv_2mortal(newSVpvf("%s %s %s: ", HvNAME(DBIc_IMP_STASH(imp_xxh)), err_meth_name,
++ SvTRUE(err_sv) ? "failed" : is_warning ? "warning" : "information"));
+ if (SvOK(DBIc_ERRSTR(imp_xxh)))
+ sv_catsv(msg, DBIc_ERRSTR(imp_xxh));
+ else
diff -Nru libdbi-perl-1.647/debian/patches/Replacing-with-p-in-preparse-with-more-than-9-causes.patch libdbi-perl-1.647/debian/patches/Replacing-with-p-in-preparse-with-more-than-9-causes.patch
--- libdbi-perl-1.647/debian/patches/Replacing-with-p-in-preparse-with-more-than-9-causes.patch 1970-01-01 00:00:00.000000000 +0000
+++ libdbi-perl-1.647/debian/patches/Replacing-with-p-in-preparse-with-more-than-9-causes.patch 2026-06-09 14:04:25.000000000 +0000
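Review bot: The newSVpvf() replacement on the `++ msg = sv_2mortal(newSVpvf(...))` lines removes the unbounded sprintf() into `intro[200]`, but XS_DBI_dispatch continues outside the hunk, so confirm that no later statement still references `intro` (the build would reject it) and that nothing downstream assumed `msg` was built from a 200-byte prefix. HvNAME() can be NULL for an anonymous stash; handing that to sprintf's %s was undefined behaviour, whereas perl's own formatter is believed to render a NULL %s as "(null)", an improvement worth confirming rather than assuming. The embedded diffstat still lists ChangeLog, Makefile.PL, dbixs_rev.h and lib/DBI/Changes.pm, yet the Debian patch carries only the DBI.xs hunks; a one-line DEP-3 note in the header such as `Only the DBI.xs hunks of the upstream commit are applied; the ChangeLog and version bumps are omitted.` would save the next maintainer from hunting for the missing files.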
@@ -0,0 +1,33 @@
+From: "H.Merijn Brand - Tux"
+Date: Thu, 28 May 2026 14:14:50 +0200
+Subject: Replacing `?` with `:p#` in `preparse ()` with more than 9 `?` causes
+ buffer overflow
+Origin: https://github.com/perl5-dbi/dbi/commit/af79036c07aa9a457971c0f4136e37c85dc20978
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-10879
+
+`:p1` is length 3, `?` just 1, but `:p1003` is length 6!
+---
+ ChangeLog | 1 +
+ DBI.xs | 2 +-
+ dbixs_rev.h | 4 ++--
+ doc/DBI.3 | 2 +-
+ doc/DBI.man | 2 +-
+ lib/DBI/Changes.pm | 4 ++++
+ 6 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/DBI.xs b/DBI.xs
+index b68a16013d4e..80dce14db984 100644
+--- a/DBI.xs
++++ b/DBI.xs
+@@ -4203,7 +4203,7 @@ preparse(SV *dbh, const char *statement, IV ps_return, IV ps_accept, void *foo)
+ }
+
+ /* XXX this allocation strategy won't work when we get to more advanced stuff */
+- new_stmt_sv = newSV(strlen(statement) * 3);
++ new_stmt_sv = newSV(strlen(statement) * 6 + 16);
+ sv_setpv(new_stmt_sv,"");
+ src = statement;
+ dest = SvPVX(new_stmt_sv);
+--
+2.53.0
+
diff -Nru libdbi-perl-1.647/debian/patches/series libdbi-perl-1.647/debian/patches/series
--- libdbi-perl-1.647/debian/patches/series 2025-02-01 00:02:21.000000000 +0000
+++ libdbi-perl-1.647/debian/patches/series 2026-06-09 14:04:25.000000000 +0000
@@ -1,3 +1,5 @@
 t__06attrs.t__localefix.patch
 t__40profile.t__NTP.patch
 t__80proxy.t___syslogd.patch
+Fix-possible-stack-overflow-old-issue-already-noted-.patch
+Replacing-with-p-in-preparse-with-more-than-9-causes.patch
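Review bot: The enlarged allocation on `++ new_stmt_sv = newSV(strlen(statement) * 6 + 16);` is still a fixed multiplier rather than a bound check: each `?` becomes `:p<k>` where k counts placeholders, so `* 6` covers `:p9999`, but once placeholder numbers reach five digits each expansion exceeds 6 bytes, and a statement consisting mostly of `?` in the 10^5 range again writes past the buffer through the raw `dest = SvPVX(new_stmt_sv)` pointer, unless preparse() caps the placeholder count somewhere outside this hunk (the copy loop that writes `dest` is not visible here). A bound that cannot be exceeded follows from the input length, since k can never be larger than strlen(statement): allocate `n * (2 + number of decimal digits in n) + 16`, or better, call SvGROW() before each placeholder is written so capacity no longer rests on a guess. The XXX comment just above already admits the strategy is fragile; at minimum the reason for the constant should sit next to it, e.g. `/* each '?' may become ":p" plus up to 4 digits; see CVE-2026-10879 */`.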