Accepted: mysql-dfsg-5.0 5.0.38-0ubuntu1.3 (source)
Jamie Strandboge
jamie at ubuntu.com
Wed Mar 12 08:10:59 GMT 2008
- Previous message: Accepted: lighttpd, lighttpd, lighttpd, lighttpd, lighttpd, lighttpd 1.4.13-9ubuntu4.5 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: tzdata 2008a-0ubuntu0.7.04 (source)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Accepted:
OK: mysql-dfsg-5.0_5.0.38.orig.tar.gz
OK: mysql-dfsg-5.0_5.0.38-0ubuntu1.3.diff.gz
OK: mysql-dfsg-5.0_5.0.38-0ubuntu1.3.dsc
-> Component: main Section: misc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 06 Mar 2008 09:15:54 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-4.1 mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.38-0ubuntu1.3
Distribution: feisty-proposed
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libmysqlclient15-dev - mysql database development files
libmysqlclient15off - mysql database client library
mysql-client - mysql database client (meta package depending on the latest versi
mysql-client-5.0 - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server (meta package depending on the latest versi
mysql-server-4.1 - mysql database server (transitional package)
mysql-server-5.0 - mysql database server binaries
Launchpad-Bugs-Fixed: 172260 185039 186978
Changes:
mysql-dfsg-5.0 (5.0.38-0ubuntu1.3) feisty-proposed; urgency=low
.
* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
length of input (LP: #186978).
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
DEFINER VIEW and ALTER VIEW statements
* debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
is non-NULL in sql_view.cc (LP: #185039)
* debian/patches/99_view_fix-now.dpatch: update view.test and view.result to
use a static year instead of now(). These tests are not part of the build
but helps with qa-regression-testing
* SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
routines
* debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
when returning from stored routine by performing privilege checks in the
execution stage rather than the parsing stage. (LP: #172260)
* References
CVE-2008-0226
CVE-2008-0227
CVE-2007-6303
CVE-2007-2692
http://bugs.mysql.com/bug.php?id=27337
Files:
d8eb74997bc609358dd72b95e4f16594 1209 misc optional mysql-dfsg-5.0_5.0.38-0ubuntu1.3.dsc
2a77e05a8e57823486d251df249842e1 160686 misc optional mysql-dfsg-5.0_5.0.38-0ubuntu1.3.diff.gz
Original-Maintainer: Christian Hammers <ch at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH14uLDecnbV4Fd/IRAhLtAKC3pw5iOf+k64YPrfVFCZs5Qk/I3QCg6oor
tZxe7bywlWAflUHjTVQCAnY=
=btzd
-----END PGP SIGNATURE-----
- Previous message: Accepted: lighttpd, lighttpd, lighttpd, lighttpd, lighttpd, lighttpd 1.4.13-9ubuntu4.5 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: tzdata 2008a-0ubuntu0.7.04 (source)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the feisty-changes
mailing list