Accepted mysql-dfsg-5.0 5.0.22-0ubuntu6.06.5 (source)
Ubuntu Installer
archive at ubuntu.com
Thu Oct 11 04:56:10 BST 2007
Accepted:
OK: mysql-dfsg-5.0_5.0.22.orig.tar.gz
OK: mysql-dfsg-5.0_5.0.22-0ubuntu6.06.5.diff.gz
OK: mysql-dfsg-5.0_5.0.22-0ubuntu6.06.5.dsc
-> Component: main Section: misc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 2 Oct 2007 14:46:02 -0400
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.22-0ubuntu6.06.5
Distribution: dapper-security
Urgency: low
Maintainer: Jamie Strandboge <jamie at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libmysqlclient15-dev - mysql database development files
libmysqlclient15off - mysql database client library
mysql-client - mysql database client (current version)
mysql-client-5.0 - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server (current version)
mysql-server-5.0 - mysql database server binaries
Changes:
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.5) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/SECURITY_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc
to verify res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/SECURITY_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to
make sure DROP privileges are required when using RENAME TABLE
statements
* SECURITY UPDATE: denial of service via crafted authentication
request
* debian/patches/SECURITY_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to
not overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/SECURITY_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc
and sql/sql_update.cc to properly verify access privileges to
external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
check for blank password. Based on work by Soren Hansen.
* References
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
Launchpad #119075
Files:
ab778bf06352edb36a0fa19284f2288b 1107 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.5.dsc
2ee9310c1637f93e11018eb97f9869be 136815 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.5.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHDT/dH/9LqRcGPm0RAjFIAJ9pkStSb/FEayUmr08jeaN3d9lINgCeI5KA
2QkgSAfJAL7ATHbzbjRHhUE=
=KJeB
-----END PGP SIGNATURE-----
More information about the dapper-changes
mailing list