Wed Jun 9 15:04:48 BST 2010

mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.5) jaunty-security; urgency=low

  * SECURITY UPDATE: privilege check bypass via crafted table name argument
    to COM_FIELD_LIST
    - debian/patches/102_CVE-2010-1848.dpatch: check table name in
      sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
    - CVE-2010-1848
  * SECURITY UPDATE: denial of service via large packets
    - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
      sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
    - CVE-2010-1849
  * SECURITY UPDATE: arbitrary code execution via crafted table name
    argument to COM_FIELD_LIST
    - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
      sql/sql_parse.cc.
    - CVE-2010-1850
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
      myisam/mi_delete_table.c, add tests to mysql-test/*.
    - CVE-2010-1626

Date: Thu, 27 May 2010 11:52:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/mysql-dfsg-5.0/5.1.30really5.0.75-0ubuntu10.5
-------------- next part --------------
Format: 1.8
Date: Thu, 27 May 2010 11:52:10 -0400
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-core-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source
Version: 5.1.30really5.0.75-0ubuntu10.5
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.0 - MySQL database server binaries
 mysql-server-core-5.0 - MySQL database core server files
Changes: 
 mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.5) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: privilege check bypass via crafted table name argument
     to COM_FIELD_LIST
     - debian/patches/102_CVE-2010-1848.dpatch: check table name in
       sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
     - CVE-2010-1848
   * SECURITY UPDATE: denial of service via large packets
     - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
       sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
     - CVE-2010-1849
   * SECURITY UPDATE: arbitrary code execution via crafted table name
     argument to COM_FIELD_LIST
     - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
       sql/sql_parse.cc.
     - CVE-2010-1850
   * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
     - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
       myisam/mi_delete_table.c, add tests to mysql-test/*.
     - CVE-2010-1626
Checksums-Sha1: 
 2fd6fedcd3a73a607453cb99bd3e7c12be3a706c 1956 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.dsc
 18e75f6f6ab421fc98eb97def709473c3042e128 356182 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.diff.gz
Checksums-Sha256: 
 268ea21d03cf27c75ab808e2844cf851171900b5cbf615a4441702f9a0b08a79 1956 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.dsc
 032dfe91d39dd7e92d98d4e0efa90fdcb9a8c4e9d7a93c8815519bfb6a6271b0 356182 mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.diff.gz
Files: 
 70a5dd2235d39f867ca47827b4079475 1956 misc optional mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.dsc
 5b46d21a4a5d5902bdf2cfc4c38e7b81 356182 misc optional mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu10.5.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>