[ubuntu/karmic-security] mysql-dfsg-5.1_5.1.37-1ubuntu5.1_powerpc_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.1_i386_translations.tar.gz, mysql-dfsg-5.1, mysql-dfsg-5.1_5.1.37-1ubuntu5.1_ia64_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.1_amd64_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.1_armel_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.1_sparc_translations.tar.gz (delayed), mysql-dfsg-5.1_5.1.37-1ubuntu5.1_lpia_translations.tar.gz 5.1.37-1ubuntu5.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Feb 10 14:04:12 GMT 2010


mysql-dfsg-5.1 (5.1.37-1ubuntu5.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/51_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/52_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/53_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * SECURITY UPDATE: access restriction bypass via symlink
    - debian/patches/54_CVE-2008-7247.dpatch: improve symlink handling in
      sql/sql_table.cc.
    - CVE-2008-7247
  * debian/patches/55_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.

Date: Sun, 07 Feb 2010 23:32:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/mysql-dfsg-5.1/5.1.37-1ubuntu5.1
-------------- next part --------------
Format: 1.8
Date: Sun, 07 Feb 2010 23:32:37 -0500
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client
Architecture: source
Version: 5.1.37-1ubuntu5.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient16 - MySQL database client library
 libmysqlclient16-dev - MySQL database development files - empty transitional package
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - MySQL database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.1 - MySQL database client binaries
 mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.1 - MySQL database server binaries
 mysql-server-core-5.1 - MySQL database core server files
Changes: 
 mysql-dfsg-5.1 (5.1.37-1ubuntu5.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via certain SELECT statements with
     subqueries and statements that use the GeomFromWKB function
     - debian/patches/51_CVE-2009-4019.dpatch: return proper errors in
       sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
       null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
     - CVE-2009-4019
   * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
     of the mysql_unpacked_real_data_home value
     - debian/patches/52_CVE-2009-4030.dpatch: fix initialization order in
       sql/mysqld.cc.
     - CVE-2009-4030
   * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
     - debian/patches/53_CVE-2009-4484.dpatch: validate lengths in
       extra/yassl/taocrypt/src/asn.*.
     - CVE-2009-4484
   * SECURITY UPDATE: access restriction bypass via symlink
     - debian/patches/54_CVE-2008-7247.dpatch: improve symlink handling in
       sql/sql_table.cc.
     - CVE-2008-7247
   * debian/patches/55_ssl_test_certs.dpatch: update certificates in the
     test suite as they are expired. The new certs expire 2015-01-28.
Checksums-Sha1: 
 b30492ee517240bdd810c27a4324ea73909e915f 1882 mysql-dfsg-5.1_5.1.37-1ubuntu5.1.dsc
 8b6fa2e78dad72b1cca548efd831a1e088bcaa3a 324027 mysql-dfsg-5.1_5.1.37-1ubuntu5.1.diff.gz
Checksums-Sha256: 
 1c71f6619c14c43188d774884e6ac352128d663ee6fdcedc916bc3d5f5d993e0 1882 mysql-dfsg-5.1_5.1.37-1ubuntu5.1.dsc
 ad8660c4d10a5b7ce5d8c0ba15fe34df7b30f23b8aaa57ff0fe57671ca17dcd7 324027 mysql-dfsg-5.1_5.1.37-1ubuntu5.1.diff.gz
Files: 
 46dbf831cc6b4780f2cd83413b5661c7 1882 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.1.dsc
 081acc52aeb607791ced32e325a75fd3 324027 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.1.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>

