[ubuntu/lucid-security] mysql-dfsg-5.1_5.1.41-3ubuntu12.3_amd64_translations.tar.gz, mysql-dfsg-5.1_5.1.41-3ubuntu12.3_powerpc_translations.tar.gz (delayed), mysql-dfsg-5.1_5.1.41-3ubuntu12.3_ia64_translations.tar.gz, mysql-dfsg-5.1, mysql-dfsg-5.1_5.1.41-3ubuntu12.3_i386_translations.tar.gz, mysql-dfsg-5.1_5.1.41-3ubuntu12.3_armel_translations.tar.gz 5.1.41-3ubuntu12.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jun 9 15:03:44 BST 2010


mysql-dfsg-5.1 (5.1.41-3ubuntu12.3) lucid-security; urgency=low

  * SECURITY UPDATE: missing privilege check when uninstalling plugins
    - debian/patches/55_CVE-2010-1621.dpatch: check access rights in
      sql/sql_plugin.cc, added tests to mysql-test/*.
    - CVE-2010-1621
  * SECURITY UPDATE: privilege check bypass via crafted table name argument
    to COM_FIELD_LIST
    - debian/patches/58_CVE-2010-1848.dpatch: check for path chars in
      sql/table.cc, sql/sql_yacc.yy, sql/sql_yacc.cc, sql/sql_table.cc,
      sql/sql_parse.cc, sql/partition_info.cc, sql/mysql_priv.h. Add tests
      to tests/mysql_client_test.c and mysql-test/*.
    - CVE-2010-1848
  * SECURITY UPDATE: denial of service via large packets
    - debian/patches/57_CVE-2010-1849.dpatch: handle big packets in
      sql/sql_connect.cc, include/mysql_com.h, sql/net_serv.cc.
    - CVE-2010-1849
  * SECURITY UPDATE: arbitrary code execution via crafted table name
    argument to COM_FIELD_LIST
    - debian/patches/56_CVE-2010-1850.dpatch: check table name length in
      sql/sql_parse.cc.
    - CVE-2010-1850
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/59_CVE-2010-1626.dpatch: check for symlinks in
      storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
    - CVE-2010-1626

Date: Mon, 07 Jun 2010 11:00:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/5.1.41-3ubuntu12.3
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Jun 2010 11:00:58 -0400
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-core-5.1 mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client mysql-testsuite
Architecture: source
Version: 5.1.41-3ubuntu12.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient16 - MySQL database client library
 libmysqlclient16-dev - MySQL database development files - empty transitional package
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - MySQL database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.1 - MySQL database client binaries
 mysql-client-core-5.1 - MySQL database core client binaries
 mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.1 - MySQL database server binaries
 mysql-server-core-5.1 - MySQL database core server files
 mysql-testsuite - MySQL testsuite
Changes: 
 mysql-dfsg-5.1 (5.1.41-3ubuntu12.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: missing privilege check when uninstalling plugins
     - debian/patches/55_CVE-2010-1621.dpatch: check access rights in
       sql/sql_plugin.cc, added tests to mysql-test/*.
     - CVE-2010-1621
   * SECURITY UPDATE: privilege check bypass via crafted table name argument
     to COM_FIELD_LIST
     - debian/patches/58_CVE-2010-1848.dpatch: check for path chars in
       sql/table.cc, sql/sql_yacc.yy, sql/sql_yacc.cc, sql/sql_table.cc,
       sql/sql_parse.cc, sql/partition_info.cc, sql/mysql_priv.h. Add tests
       to tests/mysql_client_test.c and mysql-test/*.
     - CVE-2010-1848
   * SECURITY UPDATE: denial of service via large packets
     - debian/patches/57_CVE-2010-1849.dpatch: handle big packets in
       sql/sql_connect.cc, include/mysql_com.h, sql/net_serv.cc.
     - CVE-2010-1849
   * SECURITY UPDATE: arbitrary code execution via crafted table name
     argument to COM_FIELD_LIST
     - debian/patches/56_CVE-2010-1850.dpatch: check table name length in
       sql/sql_parse.cc.
     - CVE-2010-1850
   * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
     - debian/patches/59_CVE-2010-1626.dpatch: check for symlinks in
       storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
     - CVE-2010-1626
Checksums-Sha1: 
 046faf6504113457a9149c05cf12425463a94a0f 1937 mysql-dfsg-5.1_5.1.41-3ubuntu12.3.dsc
 c4834ceac6970fa39d601e79e63af88296b8a45a 327145 mysql-dfsg-5.1_5.1.41-3ubuntu12.3.diff.gz
Checksums-Sha256: 
 05e4589fb9edb33095201d4edbba0e23b7c3e2e17d46abdd47e6d70267330cb6 1937 mysql-dfsg-5.1_5.1.41-3ubuntu12.3.dsc
 fc405f07f0d32bbc60bec6b713a5cdd21c881275e62666ec75686f03d40f6a17 327145 mysql-dfsg-5.1_5.1.41-3ubuntu12.3.diff.gz
Files: 
 e2acf360eb3d7ef11329430bc6cf07a4 1937 database optional mysql-dfsg-5.1_5.1.41-3ubuntu12.3.dsc
 507ca250e35ebd79e8eeaa55baf77de2 327145 database optional mysql-dfsg-5.1_5.1.41-3ubuntu12.3.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>


More information about the Lucid-changes mailing list