Accepted: mysql-dfsg-5.0 5.0.24a-9ubuntu2.3 (source)

Jamie Strandboge jamie at ubuntu.com
Wed Mar 12 08:13:47 GMT 2008 

Accepted:
 OK: mysql-dfsg-5.0_5.0.24a.orig.tar.gz
 OK: mysql-dfsg-5.0_5.0.24a-9ubuntu2.3.diff.gz
 OK: mysql-dfsg-5.0_5.0.24a-9ubuntu2.3.dsc
     -> Component: main Section: misc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 06 Mar 2008 09:09:00 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.24a-9ubuntu2.3
Distribution: edgy-proposed
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client - mysql database client (current version)
 mysql-client-5.0 - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (current version)
 mysql-server-5.0 - mysql database server binaries
Changes: 
 mysql-dfsg-5.0 (5.0.24a-9ubuntu2.3) edgy-proposed; urgency=low
 .
   * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
     handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
   * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
   * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
     length of input (LP: #186978).
   * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
     DEFINER VIEW and ALTER VIEW statements
   * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
     is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream
     bug #21080, which was needed to keep VIEW definitions in sync.
   * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the
     INFORMATION_SCHEMA table
   * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
     thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
   * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to
     use a static year instead of now(). These tests are not part of the build
     but helps with qa-regression-testing
   * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
     routines
   * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
     when returning from stored routine by performing privilege checks in the
     execution stage rather than the parsing stage.
   * References
     CVE-2008-0226
     CVE-2008-0227
     CVE-2007-6303
     CVE-2006-7232
     CVE-2007-2692
     http://bugs.mysql.com/bug.php?id=27337
     http://bugs.mysql.com/bug.php?id=21080
Files: 
 2a5a8fa96baca623dd73db5a76613a1a 1110 misc optional mysql-dfsg-5.0_5.0.24a-9ubuntu2.3.dsc
 769eeb747a2052f457b9b165534b552e 154655 misc optional mysql-dfsg-5.0_5.0.24a-9ubuntu2.3.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH14tsDecnbV4Fd/IRAro9AKDWKHFcaBv8pwet3zMul8WbJ8XCNgCffNNE
poEuqVrSfqZBA9ixwtiP2+c=
=Va0r
-----END PGP SIGNATURE-----

More information about the edgy-changes mailing list