[ubuntu/hardy-security] mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_i386_translations.tar.gz, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_hppa_translations.tar.gz, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_sparc_translations.tar.gz (delayed), mysql-dfsg-5.0, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_ia64_translations.tar.gz, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_amd64_translations.tar.gz, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_powerpc_translations.tar.gz, mysql-dfsg-5.0_5.0.51a-3ubuntu5.5_lpia_translations.tar.gz 5.0.51a-3ubuntu5.5 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Feb 10 14:05:46 GMT 2010
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.5) hardy-security; urgency=low
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/97_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/97_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/98_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/99_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
Date: Mon, 08 Feb 2010 09:01:56 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/mysql-dfsg-5.0/5.0.51a-3ubuntu5.5
-------------- next part --------------
Format: 1.7
Date: Mon, 08 Feb 2010 09:01:56 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source
Version: 5.0.51a-3ubuntu5.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libmysqlclient15-dev - MySQL database development files
libmysqlclient15off - MySQL database client library
mysql-client - MySQL database client (meta package depending on the latest versi
mysql-client-5.0 - MySQL database client binaries
mysql-common - MySQL database common files
mysql-server - MySQL database server (meta package depending on the latest versi
mysql-server-5.0 - MySQL database server binaries
Launchpad-Bugs-Fixed: 323755
Changes:
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.5) hardy-security; urgency=low
.
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/97_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/97_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/98_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/99_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
Files:
550486d7eb0d9bb0a16d9b6354c5ce63 1431 misc optional mysql-dfsg-5.0_5.0.51a-3ubuntu5.5.dsc
5d60913fc963e3e79d7359ad34e01d73 339669 misc optional mysql-dfsg-5.0_5.0.51a-3ubuntu5.5.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>
More information about the Hardy-changes
mailing list