Accepted mysql-dfsg 4.0.23-3ubuntu1 (source)

Martin Pitt martin.pitt at ubuntu.com
Tue Mar 15 12:25:08 CST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 15 Mar 2005 15:43:05 +0000
Source: mysql-dfsg
Binary: libmysqlclient12 mysql-client libmysqlclient12-dev mysql-server mysql-common
Architecture: source
Version: 4.0.23-3ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libmysqlclient12 - mysql database client library
 libmysqlclient12-dev - mysql database development files
 mysql-client - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server binaries
Changes: 
 mysql-dfsg (4.0.23-3ubuntu1) hoary; urgency=low
 .
   * SECURITY UPDATE: Fix several privilege escalation vulnerabilities.
   * Added debian/patches/CAN-2005-0709-0710-0711.diff (and applied it):
     - Fix arbitrary code execution by using CREATE FUNCTION to access libc
       calls.
       References:
       + CAN-2005-0709
       + http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
     - Fix CREATE FUNCTION mysql.func table arbitrary library injection.
       + CAN-2005-0710
       + http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html
     - Fix insecure temporary table creation.
       References:
       + CAN-2005-0711
       + http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
     - Patches taken from BitKeeper:
       + http://mysql.bkbits.net:8080/mysql-4.0/cset@1.2059.7.1
       + http://mysql.bkbits.net:8080/mysql-4.0/cset@1.2059.7.2
       + http://mysql.bkbits.net:8080/mysql-4.0/cset@1.2068
   * debian/mysql-server.postinst:
     - For historical reasons /usr/share/mysql/ was owned and writable by
       the user "mysql". This is a security problem as some scripts that
       are run by root are in this directory and could be modified and used
       by a malicious user who already has mysql privileges to gain full root
       rights.
     - Thanks to Matt Brubeck.
     - Taken from version 4.0.23-4.
Files: 
 273eb04ab60fa9df60d910f3fc312a93 887 misc optional mysql-dfsg_4.0.23-3ubuntu1.dsc
 a4c6dbdf73ac38fb6ed1ec955065e975 346585 misc optional mysql-dfsg_4.0.23-3ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCNyEzDecnbV4Fd/IRAizkAJwKtfMFrBmeK9qIl0Ax9Srw3csOJQCg5swL
qeHlAwsqCuvQVPl/cdjXaN8=
=gJY8
-----END PGP SIGNATURE-----


Accepted:
mysql-dfsg_4.0.23-3ubuntu1.diff.gz
  to pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu1.diff.gz
mysql-dfsg_4.0.23-3ubuntu1.dsc
  to pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu1.dsc



