Accepted: mysql-dfsg-5.0 5.0.22-0ubuntu6.06.7 (source)

Jamie Strandboge jamie at ubuntu.com
Wed Mar 12 08:15:37 GMT 2008


Accepted:
 OK: mysql-dfsg-5.0_5.0.22.orig.tar.gz
 OK: mysql-dfsg-5.0_5.0.22-0ubuntu6.06.7.diff.gz
 OK: mysql-dfsg-5.0_5.0.22-0ubuntu6.06.7.dsc
     -> Component: main Section: misc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 06 Mar 2008 07:53:05 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.22-0ubuntu6.06.7
Distribution: dapper-proposed
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client - mysql database client (current version)
 mysql-client-5.0 - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (current version)
 mysql-server-5.0 - mysql database server binaries
Changes: 
 mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7) dapper-proposed; urgency=low
 .
   * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
     handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
   * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
   * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
     length of input (LP: #186978). Note that while this patch is included,
     mysql on Ubuntu 6.06 is not compiled with yassl enabled.
   * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
     DEFINER VIEW and ALTER VIEW statements
   * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
     is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream
     bug #21080, which was needed to keep VIEW definitions in sync.
   * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the
     INFORMATION_SCHEMA table
   * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
     thd->lex->describe is non-NULL in sql_select.cc (LP: #161127)
   * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to
     use a static year instead of now(). These tests are not part of the build
     but help with qa-regression-testing
   * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
     routines
   * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
     when returning from stored routine by performing privilege checks in the
     execution stage rather than the parsing stage. This patch also fixes
     upstream bug #18681, which was needed to properly check view security.
   * References
     CVE-2008-0226
     CVE-2008-0227
     CVE-2007-6303
     CVE-2006-7232
     CVE-2007-2692
     http://bugs.mysql.com/bug.php?id=27337
     http://bugs.mysql.com/bug.php?id=18681
     http://bugs.mysql.com/bug.php?id=21080
Files: 
 e525027e63ca85f209646db0a5cf95c4 1114 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.7.dsc
 b6ffb7fa2b7f8fc7b61ee52d7a932601 153990 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.7.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH14tZDecnbV4Fd/IRAk86AKD3pGOJ6iehrqw8srITkFabIRtITQCg1umu
zZLu2AsaRWIz6wGe/N2Wfh4=
=5CI1
-----END PGP SIGNATURE-----