[ubuntu/lucid-security] mysql-dfsg-5.1_5.1.41-3ubuntu12.7_amd64_translations.tar.gz, mysql-dfsg-5.1_5.1.41-3ubuntu12.7_powerpc_translations.tar.gz (delayed), mysql-dfsg-5.1_5.1.41-3ubuntu12.7_armel_translations.tar.gz, mysql-dfsg-5.1, mysql-dfsg-5.1_5.1.41-3ubuntu12.7_i386_translations.tar.gz, mysql-dfsg-5.1_5.1.41-3ubuntu12.7_ia64_translations.tar.gz 5.1.41-3ubuntu12.7 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Nov 11 15:03:58 GMT 2010


mysql-dfsg-5.1 (5.1.41-3ubuntu12.7) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
    command
    - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
      and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
      Add tests to mysql-test/*.
    - CVE-2010-2008
  * SECURITY UPDATE: denial of service via joins involving a table with a
    unique SET column
    - debian/patches/60_CVE-2010-3677.dpatch: improve logic in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3677
  * SECURITY UPDATE: denial of service via incorrect handling of NULL
    arguments
    - debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3678
  * SECURITY UPDATE: denial of service via malformed argument to the BINLOG
    statement
    - debian/patches/60_CVE-2010-3679.dpatch: check lengths in
      sql/sql_binlog.cc. Add tests to mysql-test/*.
    - CVE-2010-3679
  * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
    nullable columns
    - debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
      storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
      mysql-test/*.
    - CVE-2010-3680
  * SECURITY UPDATE: denial of service via alternate reads from two indexes
    on a table using the HANDLER interface
    - debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
      sql/sql_handler.cc. Add tests to mysql-test/*.
    - CVE-2010-3681
  * SECURITY UPDATE: denial of service via use of EXPLAIN with certain
    queries
    - debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3682
  * SECURITY UPDATE: denial of service and incorrect error handling in
    LOAD DATA INFILE.
    - debian/patches/60_CVE-2010-3683.dpatch: check for errors in
      sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
      Add tests to mysql-test/*.
    - CVE-2010-3683
  * SECURITY UPDATE: denial of service via incorrect propagation of type
    errors.
    - debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
      errors in sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3833
  * SECURITY UPDATE: denial of service via derived table materializing.
    - debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
      sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
    - CVE-2010-3834
  * SECURITY UPDATE: denial of service via user-variable assignment
    expression.
    - debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
      Add tests to mysql-test/*.
    - CVE-2010-3835
  * SECURITY UPDATE: denial of service via pre-evaluation of LIKE
    predicates during view preparation.
    - debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
      preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3836
  * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
    WITH ROLLUP together.
    - debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
      structures in sql/item_sum.cc, sql/table.h. Add tests to
      mysql-test/*.
    - CVE-2010-3837
  * SECURITY UPDATE: denial of service via longblob and union or update
    with subquery.
    - debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
      sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3838
  * SECURITY UPDATE: denial of service via certain queries with nested
    joins.
    - debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3839
  * SECURITY UPDATE: denial of service via PolyFromWKB() function and
    improper data.
    - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
      sql/spatial.cc. Add tests to mysql-test/*.
    - CVE-2010-3840
  * debian/patches/61_disable_longfilename_test.dpatch: disable the
    partition_rename_longfilename test as it fails when building with
    sbuild and schroots.

Date: Tue, 09 Nov 2010 13:02:13 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/5.1.41-3ubuntu12.7
-------------- next part --------------
Format: 1.8
Date: Tue, 09 Nov 2010 13:02:13 -0500
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-core-5.1 mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client mysql-testsuite
Architecture: source
Version: 5.1.41-3ubuntu12.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient16 - MySQL database client library
 libmysqlclient16-dev - MySQL database development files - empty transitional package
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - MySQL database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.1 - MySQL database client binaries
 mysql-client-core-5.1 - MySQL database core client binaries
 mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.1 - MySQL database server binaries
 mysql-server-core-5.1 - MySQL database core server files
 mysql-testsuite - MySQL testsuite
Changes: 
 mysql-dfsg-5.1 (5.1.41-3ubuntu12.7) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
     command
     - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
       and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
       Add tests to mysql-test/*.
     - CVE-2010-2008
   * SECURITY UPDATE: denial of service via joins involving a table with a
     unique SET column
     - debian/patches/60_CVE-2010-3677.dpatch: improve logic in
       sql/item_cmpfunc.cc. Add tests to mysql-test/*.
     - CVE-2010-3677
   * SECURITY UPDATE: denial of service via incorrect handling of NULL
     arguments
     - debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
       sql/item_cmpfunc.cc. Add tests to mysql-test/*.
     - CVE-2010-3678
   * SECURITY UPDATE: denial of service via malformed argument to the BINLOG
     statement
     - debian/patches/60_CVE-2010-3679.dpatch: check lengths in
       sql/sql_binlog.cc. Add tests to mysql-test/*.
     - CVE-2010-3679
   * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
     nullable columns
     - debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
       storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
       mysql-test/*.
     - CVE-2010-3680
   * SECURITY UPDATE: denial of service via alternate reads from two indexes
     on a table using the HANDLER interface
     - debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
       sql/sql_handler.cc. Add tests to mysql-test/*.
     - CVE-2010-3681
   * SECURITY UPDATE: denial of service via use of EXPLAIN with certain
     queries
     - debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
       sql/sql_select.cc. Add tests to mysql-test/*.
     - CVE-2010-3682
   * SECURITY UPDATE: denial of service and incorrect error handling in
     LOAD DATA INFILE.
     - debian/patches/60_CVE-2010-3683.dpatch: check for errors in
       sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
       Add tests to mysql-test/*.
     - CVE-2010-3683
   * SECURITY UPDATE: denial of service via incorrect propagation of type
     errors.
     - debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
       errors in sql/item_func.cc. Add tests to mysql-test/*.
     - CVE-2010-3833
   * SECURITY UPDATE: denial of service via derived table materializing.
     - debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
       sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
     - CVE-2010-3834
   * SECURITY UPDATE: denial of service via user-variable assignment
     expression.
     - debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
       Add tests to mysql-test/*.
     - CVE-2010-3835
   * SECURITY UPDATE: denial of service via pre-evaluation of LIKE
     predicates during view preparation.
     - debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
       preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
     - CVE-2010-3836
   * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
     WITH ROLLUP together.
     - debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
       structures in sql/item_sum.cc, sql/table.h. Add tests to
       mysql-test/*.
     - CVE-2010-3837
   * SECURITY UPDATE: denial of service via longblob and union or update
     with subquery.
     - debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
       sql/item_func.cc. Add tests to mysql-test/*.
     - CVE-2010-3838
   * SECURITY UPDATE: denial of service via certain queries with nested
     joins.
     - debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
       sql/sql_select.cc. Add tests to mysql-test/*.
     - CVE-2010-3839
   * SECURITY UPDATE: denial of service via PolyFromWKB() function and
     improper data.
     - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
       sql/spatial.cc. Add tests to mysql-test/*.
     - CVE-2010-3840
   * debian/patches/61_disable_longfilename_test.dpatch: disable the
     partition_rename_longfilename test as it fails when building with
     sbuild and schroots.
Checksums-Sha1: 
 0c581a10a3ceb913b56a3d123bec1e4296159337 2577 mysql-dfsg-5.1_5.1.41-3ubuntu12.7.dsc
 79f3226c67a2dfffc418b92fe4f3f716c3729f6e 341522 mysql-dfsg-5.1_5.1.41-3ubuntu12.7.diff.gz
Checksums-Sha256: 
 b1fb8d6f8489a5a76f3f7c907e982bc4b9ef4d91b321db20f65b875231c45a1d 2577 mysql-dfsg-5.1_5.1.41-3ubuntu12.7.dsc
 4306c7201b0edb26fd941fb771290e8bfbf1af0812027317d8d220629daaadeb 341522 mysql-dfsg-5.1_5.1.41-3ubuntu12.7.diff.gz
Files: 
 916ca7a18d8315fc01878d987b8fb2e9 2577 database optional mysql-dfsg-5.1_5.1.41-3ubuntu12.7.dsc
 2dedee77a23f60a8923ef633c626bcab 341522 database optional mysql-dfsg-5.1_5.1.41-3ubuntu12.7.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>


More information about the Lucid-changes mailing list