Accepted: mysql-dfsg-5.0 5.0.45-1ubuntu3.2 (source)

Jamie Strandboge jamie at ubuntu.com
Wed Mar 12 08:08:56 GMT 2008 

Accepted:
 OK: mysql-dfsg-5.0_5.0.45.orig.tar.gz
 OK: mysql-dfsg-5.0_5.0.45-1ubuntu3.2.diff.gz
 OK: mysql-dfsg-5.0_5.0.45-1ubuntu3.2.dsc
     -> Component: main Section: misc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 06 Mar 2008 09:26:24 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.45-1ubuntu3.2
Distribution: gutsy-proposed
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (meta package depending on the latest versi
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (meta package depending on the latest versi
 mysql-server-5.0 - MySQL database server binaries
Launchpad-Bugs-Fixed: 185039 186978
Changes: 
 mysql-dfsg-5.0 (5.0.45-1ubuntu3.2) gutsy-proposed; urgency=low
 .
   * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
     handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
   * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
   * debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
     length of input (LP: #186978)
   * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
     DEFINER VIEW and ALTER VIEW statements
   * debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
     is non-NULL in sql_view.cc (LP: #185039)
   * debian/patches/97_view_fix-now.dpatch: update view.test and view.result to
     use a static year instead of now(). These tests are not part of the build
     but helps with qa-regression-testing
   * References
     CVE-2008-0226
     CVE-2008-0227
     CVE-2007-6303
Files: 
 f560c72da85b3f2e1f1209b98915e2ef 1294 misc optional mysql-dfsg-5.0_5.0.45-1ubuntu3.2.dsc
 7021ca679f19263f6f9ec8ee5ccb8cab 235379 misc optional mysql-dfsg-5.0_5.0.45-1ubuntu3.2.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH14ulDecnbV4Fd/IRAqVNAKCBY6QDXsUGDZdAOLZyawwM1uqbPQCeISCC
BaOtFME8+5SSSpk1lM+yMb4=
=NO04
-----END PGP SIGNATURE-----

More information about the gutsy-changes mailing list