[ubuntu/karmic-security] mysql-dfsg-5.1_5.1.37-1ubuntu5.4_i386_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.4_amd64_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.4_armel_translations.tar.gz, mysql-dfsg-5.1, mysql-dfsg-5.1_5.1.37-1ubuntu5.4_sparc_translations.tar.gz (delayed), mysql-dfsg-5.1_5.1.37-1ubuntu5.4_ia64_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.4_powerpc_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.4_lpia_translations.tar.gz 5.1.37-1ubuntu5.4 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Jun 9 15:04:18 BST 2010
mysql-dfsg-5.1 (5.1.37-1ubuntu5.4) karmic-security; urgency=low
* SECURITY UPDATE: missing privilege check when uninstalling plugins
- debian/patches/56_CVE-2010-1621.dpatch: check access rights in
sql/sql_plugin.cc, added tests to mysql-test/*.
- CVE-2010-1621
* SECURITY UPDATE: privilege check bypass via crafted table name argument
to COM_FIELD_LIST
- debian/patches/59_CVE-2010-1848.dpatch: check for path chars in
sql/table.cc, sql/sql_yacc.yy, sql/sql_yacc.cc, sql/sql_table.cc,
sql/sql_parse.cc, sql/partition_info.cc, sql/mysql_priv.h. Add tests
to tests/mysql_client_test.c and mysql-test/*.
- CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
- debian/patches/58_CVE-2010-1849.dpatch: handle big packets in
sql/sql_connect.cc, include/mysql_com.h, sql/net_serv.cc.
- CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
argument to COM_FIELD_LIST
- debian/patches/57_CVE-2010-1850.dpatch: check table name length in
sql/sql_parse.cc.
- CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
- debian/patches/60_CVE-2010-1626.dpatch: check for symlinks in
storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
- CVE-2010-1626
Date: Wed, 26 May 2010 22:42:40 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/mysql-dfsg-5.1/5.1.37-1ubuntu5.4
-------------- next part --------------
Format: 1.8
Date: Wed, 26 May 2010 22:42:40 -0400
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client
Architecture: source
Version: 5.1.37-1ubuntu5.4
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient16 - MySQL database client library
libmysqlclient16-dev - MySQL database development files - empty transitional package
libmysqld-dev - MySQL embedded database development files
libmysqld-pic - MySQL database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.1 - MySQL database client binaries
mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.1 - MySQL database server binaries
mysql-server-core-5.1 - MySQL database core server files
Changes:
mysql-dfsg-5.1 (5.1.37-1ubuntu5.4) karmic-security; urgency=low
.
* SECURITY UPDATE: missing privilege check when uninstalling plugins
- debian/patches/56_CVE-2010-1621.dpatch: check access rights in
sql/sql_plugin.cc, added tests to mysql-test/*.
- CVE-2010-1621
* SECURITY UPDATE: privilege check bypass via crafted table name argument
to COM_FIELD_LIST
- debian/patches/59_CVE-2010-1848.dpatch: check for path chars in
sql/table.cc, sql/sql_yacc.yy, sql/sql_yacc.cc, sql/sql_table.cc,
sql/sql_parse.cc, sql/partition_info.cc, sql/mysql_priv.h. Add tests
to tests/mysql_client_test.c and mysql-test/*.
- CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
- debian/patches/58_CVE-2010-1849.dpatch: handle big packets in
sql/sql_connect.cc, include/mysql_com.h, sql/net_serv.cc.
- CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
argument to COM_FIELD_LIST
- debian/patches/57_CVE-2010-1850.dpatch: check table name length in
sql/sql_parse.cc.
- CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
- debian/patches/60_CVE-2010-1626.dpatch: check for symlinks in
storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
- CVE-2010-1626
Checksums-Sha1:
55ae8800210d3b819320a4d66e9af810af60856d 1882 mysql-dfsg-5.1_5.1.37-1ubuntu5.4.dsc
e3420f7efdde01369f58a381275b22c82e4eaaf9 329896 mysql-dfsg-5.1_5.1.37-1ubuntu5.4.diff.gz
Checksums-Sha256:
25d7959882e5648b5c19e052cebb2a4d8f198b25adc1e4a26bd8ed24705707c2 1882 mysql-dfsg-5.1_5.1.37-1ubuntu5.4.dsc
fc83477f70c3724150d7c49699e479f008abee87092866c586fd8b4099501462 329896 mysql-dfsg-5.1_5.1.37-1ubuntu5.4.diff.gz
Files:
ea1e1fe7e5d69f57b9ab6a3267e4cde8 1882 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.4.dsc
e385412072c12eff5dce76f54be6d2f8 329896 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.4.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>
More information about the Karmic-changes
mailing list