[ubuntu/intrepid-security] mysql-dfsg-5.0_5.0.67-0ubuntu6.1_i386_translations.tar.gz, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_amd64_translations.tar.gz, mysql-dfsg-5.0, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_hppa_translations.tar.gz, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_powerpc_translations.tar.gz, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_lpia_translations.tar.gz, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_ia64_translations.tar.gz, mysql-dfsg-5.0_5.0.67-0ubuntu6.1_sparc_translations.tar.gz (delayed) 5.0.67-0ubuntu6.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Feb 10 14:05:16 GMT 2010


mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low

  * SECURITY UPDATE: privilege circumvention via the creation of MyISAM
    tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
    existing table files in the data directory. This fix alters table creation
    behaviour by disallowing the use of the MySQL data directory in DATA
    DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
    - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
      data directory in DATA DIRECTORY and INDEX DIRECTORY options.
    - CVE-2008-4098
  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/94_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.
    (LP: #323755)

Date: Mon, 08 Feb 2010 09:00:54 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/mysql-dfsg-5.0/5.0.67-0ubuntu6.1
-------------- next part --------------
Format: 1.8
Date: Mon, 08 Feb 2010 09:00:54 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source
Version: 5.0.67-0ubuntu6.1
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.0 - MySQL database server binaries
Launchpad-Bugs-Fixed: 254129 323755
Changes: 
 mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: privilege circumvention via the creation of MyISAM
     tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
     existing table files in the data directory. This fix alters table creation
     behaviour by disallowing the use of the MySQL data directory in DATA
     DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
     - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
       data directory in DATA DIRECTORY and INDEX DIRECTORY options.
     - CVE-2008-4098
   * SECURITY UPDATE: Cross-site scripting in the command-line client
     - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
       client/mysql.cc, add test to mysql-test/*.
     - CVE-2008-4456
   * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
     function
     - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
       sql/sql_parse.cc, add test to tests/mysql_client_test.c.
     - CVE-2009-2446
   * SECURITY UPDATE: denial of service via certain SELECT statements with
     subqueries and statements that use the GeomFromWKB function
     - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
       sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
       null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
     - CVE-2009-4019
   * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
     of the mysql_unpacked_real_data_home value
     - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
       sql/mysqld.cc.
     - CVE-2009-4030
   * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
     - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
       extra/yassl/taocrypt/src/asn.*.
     - CVE-2009-4484
   * debian/patches/94_ssl_test_certs.dpatch: update certificates in the
     test suite as they are expired. The new certs expire 2015-01-28.
     (LP: #323755)
Checksums-Sha1: 
 208ecaa193c47630866b35b0e6441636ace2f300 1845 mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
 7bf5fbeccdca02fbdbbb17344113c9e94e1578c0 336351 mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Checksums-Sha256: 
 8652dcb953b9c42fba81ceec29aef4e5fa3cfc7207023cb3bbc04c6eeeb26419 1845 mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
 05e151e411cc4f0fd508876b1bde8825678e1522b757c981d773130d3eee7050 336351 mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Files: 
 c2756cc5a230d0eeab3c766031df39c8 1845 misc optional mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
 a373771dfabdc93b4171d9478a36ea5a 336351 misc optional mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>

