[ubuntu/dapper-security] mysql-dfsg-5.0 (delayed), mysql-dfsg-5.0 5.0.22-0ubuntu6.06.14 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jun 9 15:05:57 BST 2010 

mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.14) dapper-security; urgency=low

  * SECURITY UPDATE: privilege check bypass via crafted table name argument
    to COM_FIELD_LIST
    - debian/patches/111_CVE-2010-1848.dpatch: check table name in
      sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
    - CVE-2010-1848
  * SECURITY UPDATE: denial of service via large packets
    - debian/patches/110_CVE-2010-1849.dpatch: handle big packets in
      sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
    - CVE-2010-1849
  * SECURITY UPDATE: arbitrary code execution via crafted table name
    argument to COM_FIELD_LIST
    - debian/patches/109_CVE-2010-1850.dpatch: check table name length in
      sql/sql_parse.cc.
    - CVE-2010-1850
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/112_CVE-2010-1626.dpatch: check for symlinks in
      myisam/mi_delete_table.c.
    - CVE-2010-1626

Date: Sun, 06 Jun 2010 23:45:00 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Christian Hammers <ch at debian.org>
https://launchpad.net/ubuntu/dapper/+source/mysql-dfsg-5.0/5.0.22-0ubuntu6.06.14
-------------- next part --------------
Format: 1.7
Date: Sun, 06 Jun 2010 23:45:00 -0400
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.22-0ubuntu6.06.14
Distribution: dapper-security
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client - mysql database client (current version)
 mysql-client-5.0 - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (current version)
 mysql-server-5.0 - mysql database server binaries
Changes: 
 mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.14) dapper-security; urgency=low
 .
   * SECURITY UPDATE: privilege check bypass via crafted table name argument
     to COM_FIELD_LIST
     - debian/patches/111_CVE-2010-1848.dpatch: check table name in
       sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
     - CVE-2010-1848
   * SECURITY UPDATE: denial of service via large packets
     - debian/patches/110_CVE-2010-1849.dpatch: handle big packets in
       sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
     - CVE-2010-1849
   * SECURITY UPDATE: arbitrary code execution via crafted table name
     argument to COM_FIELD_LIST
     - debian/patches/109_CVE-2010-1850.dpatch: check table name length in
       sql/sql_parse.cc.
     - CVE-2010-1850
   * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
     - debian/patches/112_CVE-2010-1626.dpatch: check for symlinks in
       myisam/mi_delete_table.c.
     - CVE-2010-1626
Files: 
 4163821bcd9371b422f6210d5985a0bf 1125 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.14.dsc
 355c39cc92db0c279cb76d425e56f59b 170661 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.14.diff.gz

More information about the dapper-changes mailing list