[ubuntu/jaunty-security] mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_amd64_translations.tar.gz, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_sparc_translations.tar.gz (delayed), mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_armel_translations.tar.gz, mysql-dfsg-5.0, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_ia64_translations.tar.gz, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_lpia_translations.tar.gz, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_powerpc_translations.tar.gz, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_i386_translations.tar.gz, mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3_hppa_translations.tar.gz 5.1.30really5.0.75-0ubuntu10.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Feb 10 14:04:40 GMT 2010


mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.3) jaunty-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/93_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/94_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/95_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/96_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/97_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/92_ssl_test_cert.dpatch: disabled patch as certs are now
    expired.
  * debian/patches/98_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.

Date: Mon, 08 Feb 2010 08:50:16 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/mysql-dfsg-5.0/5.1.30really5.0.75-0ubuntu10.3
-------------- next part --------------
Format: 1.8
Date: Mon, 08 Feb 2010 08:50:16 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-core-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source
Version: 5.1.30really5.0.75-0ubuntu10.3
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.0 - MySQL database server binaries
 mysql-server-core-5.0 - MySQL database core server files
Changes: 
 mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.3) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: Cross-site scripting in the command-line client
     - debian/patches/93_CVE-2008-4456.dpatch: use xmlencode_print in
       client/mysql.cc, add test to mysql-test/*.
     - CVE-2008-4456
   * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
     function
     - debian/patches/94_CVE-2009-2446.dpatch: use correct format string in
       sql/sql_parse.cc, add test to tests/mysql_client_test.c.
     - CVE-2009-2446
   * SECURITY UPDATE: denial of service via certain SELECT statements with
     subqueries and statements that use the GeomFromWKB function
     - debian/patches/95_CVE-2009-4019.dpatch: return proper errors in
       sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
       null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
     - CVE-2009-4019
   * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
     of the mysql_unpacked_real_data_home value
     - debian/patches/96_CVE-2009-4030.dpatch: fix initialization order in
       sql/mysqld.cc.
     - CVE-2009-4030
   * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
     - debian/patches/97_CVE-2009-4484.dpatch: validate lengths in
       extra/yassl/taocrypt/src/asn.*.
     - CVE-2009-4484
   * debian/patches/92_ssl_test_cert.dpatch: disabled patch as certs are now
     expired.
   * debian/patches/98_ssl_test_certs.dpatch: update certificates in the
     test suite as they are expired. The new certs expire 2015-01-28.
Checksums-Sha1: 
 f51c0fe6d96f88fc112a0d26b04c534b0d093546 1956 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.dsc
 03f279e18e28eea3fde626ac7e4c28865d1f4b54 352203 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.diff.gz
Checksums-Sha256: 
 80551bdbd7206c346e275fb025f8086cf98f75583ebf0c679df262d5ffa869e7 1956 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.dsc
 3a7d8d06c3fa573117cac68cbdbc8655aa8b6080972bf76b86e07a691d31549d 352203 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.diff.gz
Files: 
 786a69531e3997a24963c2289c2f99a4 1956 misc optional mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.dsc
 0ec231929483bcf16d96cdb9b0f58c9f 352203 misc optional mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.3.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>

