[Bug 172260] Re: [mysql] multiple vulnerabilities

Jamie Strandboge jamie at ubuntu.com
Wed Mar 5 16:48:38 GMT 2008


CVE-2007-2692 is not fixed in Debian Etch (and therefore the patch can't
be used in Ubuntu releases).  DSA-1413 omits part of the patch to
sql/sql_db.cc and the test cases.  If use the test cases from
http://lists.mysql.com/commits/23650 against Etch, then it shows that
Etch is still vulnerable.  MDKSA-2007:243 does not address
CVE-2007-2692. Investigating proper fix.

[mysql] multiple vulnerabilities
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu.

More information about the Ubuntu-server-bugs mailing list