[ubuntu/karmic-security] mysql-dfsg-5.1_5.1.37-1ubuntu5.5_armel_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.5_powerpc_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.5_amd64_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.5_ia64_translations.tar.gz, mysql-dfsg-5.1, mysql-dfsg-5.1_5.1.37-1ubuntu5.5_sparc_translations.tar.gz (delayed), mysql-dfsg-5.1_5.1.37-1ubuntu5.5_lpia_translations.tar.gz, mysql-dfsg-5.1_5.1.37-1ubuntu5.5_i386_translations.tar.gz 5.1.37-1ubuntu5.5 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Nov 11 15:04:33 GMT 2010
mysql-dfsg-5.1 (5.1.37-1ubuntu5.5) karmic-security; urgency=low
* SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
command
- debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
Add tests to mysql-test/*.
- CVE-2010-2008
* SECURITY UPDATE: denial of service via joins involving a table with a
unique SET column
- debian/patches/60_CVE-2010-3677.dpatch: improve logic in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3677
* SECURITY UPDATE: denial of service via incorrect handling of NULL
arguments
- debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3678
* SECURITY UPDATE: denial of service via malformed argument to the BINLOG
statement
- debian/patches/60_CVE-2010-3679.dpatch: check lengths in
sql/sql_binlog.cc. Add tests to mysql-test/*.
- CVE-2010-3679
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
nullable columns
- debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
mysql-test/*.
- CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
on a table using the HANDLER interface
- debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
sql/sql_handler.cc. Add tests to mysql-test/*.
- CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
queries
- debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3682
* SECURITY UPDATE: denial of service and incorrect error handling in
LOAD DATA INFILE.
- debian/patches/60_CVE-2010-3683.dpatch: check for errors in
sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
Add tests to mysql-test/*.
- CVE-2010-3683
* SECURITY UPDATE: denial of service via incorrect propagation of type
errors.
- debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
errors in sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
- debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
- CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
expression.
- debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
Add tests to mysql-test/*.
- CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
predicates during view preparation.
- debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
WITH ROLLUP together.
- debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
structures in sql/item_sum.cc, sql/table.h. Add tests to
mysql-test/*.
- CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
with subquery.
- debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
joins.
- debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
improper data.
- debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
sql/spatial.cc. Add tests to mysql-test/*.
- CVE-2010-3840
Date: Tue, 09 Nov 2010 08:42:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/mysql-dfsg-5.1/5.1.37-1ubuntu5.5
-------------- next part --------------
Format: 1.8
Date: Tue, 09 Nov 2010 08:42:37 -0500
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client
Architecture: source
Version: 5.1.37-1ubuntu5.5
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient16 - MySQL database client library
libmysqlclient16-dev - MySQL database development files - empty transitional package
libmysqld-dev - MySQL embedded database development files
libmysqld-pic - MySQL database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.1 - MySQL database client binaries
mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.1 - MySQL database server binaries
mysql-server-core-5.1 - MySQL database core server files
Changes:
mysql-dfsg-5.1 (5.1.37-1ubuntu5.5) karmic-security; urgency=low
.
* SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
command
- debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
Add tests to mysql-test/*.
- CVE-2010-2008
* SECURITY UPDATE: denial of service via joins involving a table with a
unique SET column
- debian/patches/60_CVE-2010-3677.dpatch: improve logic in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3677
* SECURITY UPDATE: denial of service via incorrect handling of NULL
arguments
- debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3678
* SECURITY UPDATE: denial of service via malformed argument to the BINLOG
statement
- debian/patches/60_CVE-2010-3679.dpatch: check lengths in
sql/sql_binlog.cc. Add tests to mysql-test/*.
- CVE-2010-3679
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
nullable columns
- debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
mysql-test/*.
- CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
on a table using the HANDLER interface
- debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
sql/sql_handler.cc. Add tests to mysql-test/*.
- CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
queries
- debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3682
* SECURITY UPDATE: denial of service and incorrect error handling in
LOAD DATA INFILE.
- debian/patches/60_CVE-2010-3683.dpatch: check for errors in
sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
Add tests to mysql-test/*.
- CVE-2010-3683
* SECURITY UPDATE: denial of service via incorrect propagation of type
errors.
- debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
errors in sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
- debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
- CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
expression.
- debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
Add tests to mysql-test/*.
- CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
predicates during view preparation.
- debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
WITH ROLLUP together.
- debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
structures in sql/item_sum.cc, sql/table.h. Add tests to
mysql-test/*.
- CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
with subquery.
- debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
joins.
- debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
improper data.
- debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
sql/spatial.cc. Add tests to mysql-test/*.
- CVE-2010-3840
Checksums-Sha1:
8eafd110bfb3f1fe05176043ecf94293c3d4b51f 2522 mysql-dfsg-5.1_5.1.37-1ubuntu5.5.dsc
64edf1b631458d36dd9023492c6780aaa20a0e8b 343665 mysql-dfsg-5.1_5.1.37-1ubuntu5.5.diff.gz
Checksums-Sha256:
694110ed02a74b4e9a95ab19a595dbca2de96b5373f8c134dd4ad5b9e9c60c72 2522 mysql-dfsg-5.1_5.1.37-1ubuntu5.5.dsc
e06fba3b41736a28ec3d2149f4b55bf73f0212d786c179990abe15c2158a799f 343665 mysql-dfsg-5.1_5.1.37-1ubuntu5.5.diff.gz
Files:
c7d66071d8d446783bcbb2cf0dfb6e3b 2522 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.5.dsc
186b3a556b81532075ad6feb344cfe0c 343665 misc optional mysql-dfsg-5.1_5.1.37-1ubuntu5.5.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>
More information about the Karmic-changes
mailing list