Change log for mysql-dfsg-5.0 package in Ubuntu
1 → 75 of 107 results | First • Previous • Next • Last |
mysql-dfsg-5.0 (5.0.96-0ubuntu3) hardy-security; urgency=low * SECURITY UPDATE: authentication bypass (LP: #1011371) - debian/patches/90_CVE-2012-2122.patch: fix improper type conversion in sql/password.c. - CVE-2012-2122 * debian/mysql-server.preinst: Removed to prevent service from remaining stopped after getting updated. The upgrade logic is still present in mysql-common.preinst. (LP: #988325) -- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 09:04:56 -0400
Available diffs
Superseded in hardy-security |
Superseded in hardy-updates |
Deleted in hardy-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.96-0ubuntu1) hardy-security; urgency=low * SECURITY UPDATE: Update to 5.0.96 to fix security issues (LP: #965523) - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html -- Marc Deslauriers <email address hidden> Wed, 28 Mar 2012 09:25:59 -0400
Available diffs
- diff from 5.0.95-0ubuntu1 to 5.0.96-0ubuntu1 (83.5 KiB)
Superseded in hardy-security |
Superseded in hardy-updates |
Deleted in hardy-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.95-0ubuntu1) hardy-security; urgency=low * SECURITY UPDATE: Update to 5.0.95 to fix multiple security issues (LP: #937869) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - CVE-2012-0075 - CVE-2012-0087 - CVE-2012-0101 - CVE-2012-0102 - CVE-2012-0114 - CVE-2012-0484 - CVE-2012-0490 * Dropped patches unnecessary with 5.0.95: - debian/patches/91_SECURITY_CVE-2007-5925.dpatch - debian/patches/95_SECURITY_CVE-2008-3963.dpatch - debian/patches/96_SECURITY_CVE-2008-4098.dpatch - debian/patches/97_CVE-2008-4456.dpatch - debian/patches/97_CVE-2009-2446.dpatch - debian/patches/97_CVE-2009-4019.dpatch - debian/patches/97_CVE-2009-4030.dpatch - debian/patches/98_CVE-2009-4484.dpatch - debian/patches/99_ssl_test_certs.dpatch - debian/patches/100_CVE-2010-1850.dpatch - debian/patches/101_CVE-2010-1849.dpatch - debian/patches/102_CVE-2010-1848.dpatch - debian/patches/103_CVE-2010-1626.dpatch - debian/patches/98_CVE-2010-3677.dpatch - debian/patches/98_CVE-2010-3680.dpatch - debian/patches/98_CVE-2010-3681.dpatch - debian/patches/98_CVE-2010-3682.dpatch - debian/patches/98_CVE-2010-3833.dpatch - debian/patches/98_CVE-2010-3834.dpatch - debian/patches/98_CVE-2010-3835.dpatch - debian/patches/98_CVE-2010-3836.dpatch - debian/patches/98_CVE-2010-3837.dpatch - debian/patches/98_CVE-2010-3838.dpatch - debian/patches/98_CVE-2010-3840.dpatch - debian/patches/45_warn-CLI-passwords.dpatch - debian/patches/50_fix_mysqldump.dpatch - debian/patches/51_incorrect-order.dpatch - debian/patches/52_ndb-gcc-4.2.dpatch - debian/patches/53_integer-gcc-4.2.dpatch - debian/patches/54_ssl-client-support.dpatch - debian/patches/55_testsuite-2008.dpatch - debian/patches/58-disable-ndb-backup-print.dpatch - debian/patches/59-fix-mysql-replication-logs.dpatch - debian/patches/86_PATH_MAX.dpatch - debian/patches/90_upstreamdebiandir.dpatch - debian/patches/92_fix_order_by32202.dpatch - debian/patches/93_fix_user_setup_on_localhost.dpatch - debian/patches/94_fix_mysqldump_with_old_versions.dpatch - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch - debian/patches/57-fix-mysqlslowdump-config.dpatch * debian/mysql-client-5.0.docs, debian/mysql-server-5.0.docs: removed EXCEPTIONS-CLIENT file * debian/libmysqlclient15-dev.docs, debian/libmysqlclient15off.docs: removed, no longer necessary. * debian/patches/25_mysys__default.c.dpatch: updated for 5.0.95. * debian/mysql-server-5.0.files: change ndb_mgmd and ndbd manpage locations. Removed mysqlmanagerc.1 and mysqlmanager-pwgen.1 -- Marc Deslauriers <email address hidden> Thu, 23 Feb 2012 11:21:11 -0500
Available diffs
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.15) dapper-security; urgency=low * SECURITY UPDATE: denial of service via joins involving a table with a unique SET column - debian/patches/113_SECURITY_CVE-2010-3677.dpatch: improve logic in sql/item_cmpfunc.cc. Add tests to mysql-test/*. - CVE-2010-3677 * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with nullable columns - debian/patches/113_SECURITY_CVE-2010-3680.dpatch: check for null datatype in sql/ha_innodb.cc. Add tests to mysql-test/*. - CVE-2010-3680 * SECURITY UPDATE: denial of service via alternate reads from two indexes on a table using the HANDLER interface - debian/patches/113_SECURITY_CVE-2010-3681.dpatch: check for the same index in sql/sql_handler.cc. Add tests to mysql-test/*. - CVE-2010-3681 * SECURITY UPDATE: denial of service via use of EXPLAIN with certain queries - debian/patches/113_SECURITY_CVE-2010-3682.dpatch: improve conditional in sql/sql_select.cc. Add tests to mysql-test/*. - CVE-2010-3682 * SECURITY UPDATE: denial of service via derived table materializing. - debian/patches/113_SECURITY_CVE-2010-3834.dpatch: handle temporary tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*. - CVE-2010-3834 * SECURITY UPDATE: denial of service via pre-evaluation of LIKE predicates during view preparation. - debian/patches/113_SECURITY_CVE-2010-3836.dpatch: make sure we're not in view preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*. - CVE-2010-3836 * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and WITH ROLLUP together. - debian/patches/113_SECURITY_CVE-2010-3837.dpatch: create a copy of the order structures in sql/item_sum.cc, sql/table.h. Add tests to mysql-test/*. - CVE-2010-3837 * SECURITY UPDATE: denial of service via longblob and union or update with subquery. - debian/patches/113_SECURITY_CVE-2010-3838.dpatch: handle REAL_RESULT in sql/item_func.cc. Add tests to mysql-test/*. - CVE-2010-3838 * SECURITY UPDATE: denial of service via PolyFromWKB() function and improper data. - debian/patches/113_SECURITY_CVE-2010-3840.dpatch: improve data handling in sql/spatial.cc. Add tests to mysql-test/*. - CVE-2010-3840 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2010 14:10:41 -0500
Available diffs
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.8) hardy-security; urgency=low * SECURITY UPDATE: denial of service via joins involving a table with a unique SET column - debian/patches/98_CVE-2010-3677.dpatch: improve logic in sql/item_cmpfunc.cc. Add tests to mysql-test/*. - CVE-2010-3677 * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with nullable columns - debian/patches/98_CVE-2010-3680.dpatch: check for null datatype in sql/ha_innodb.cc. Add tests to mysql-test/*. - CVE-2010-3680 * SECURITY UPDATE: denial of service via alternate reads from two indexes on a table using the HANDLER interface - debian/patches/98_CVE-2010-3681.dpatch: check for the same index in sql/sql_handler.cc. Add tests to mysql-test/*. - CVE-2010-3681 * SECURITY UPDATE: denial of service via use of EXPLAIN with certain queries - debian/patches/98_CVE-2010-3682.dpatch: improve conditional in sql/sql_select.cc. Add tests to mysql-test/*. - CVE-2010-3682 * SECURITY UPDATE: denial of service via incorrect propagation of type errors. - debian/patches/98_CVE-2010-3833.dpatch: properly check for execution errors in sql/item_func.cc. Add tests to mysql-test/*. - CVE-2010-3833 * SECURITY UPDATE: denial of service via derived table materializing. - debian/patches/98_CVE-2010-3834.dpatch: handle temporary tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*. - CVE-2010-3834 * SECURITY UPDATE: denial of service via user-variable assignment expression. - debian/patches/98_CVE-2010-3835.dpatch: fix logic in sql/item_func.*, Add tests to mysql-test/*. - CVE-2010-3835 * SECURITY UPDATE: denial of service via pre-evaluation of LIKE predicates during view preparation. - debian/patches/98_CVE-2010-3836.dpatch: make sure we're not in view preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*. - CVE-2010-3836 * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and WITH ROLLUP together. - debian/patches/98_CVE-2010-3837.dpatch: create a copy of the order structures in sql/item_sum.cc, sql/table.h. Add tests to mysql-test/*. - CVE-2010-3837 * SECURITY UPDATE: denial of service via longblob and union or update with subquery. - debian/patches/98_CVE-2010-3838.dpatch: handle REAL_RESULT in sql/item_func.cc. Add tests to mysql-test/*. - CVE-2010-3838 * SECURITY UPDATE: denial of service via PolyFromWKB() function and improper data. - debian/patches/98_CVE-2010-3840.dpatch: improve data handling in sql/spatial.cc. Add tests to mysql-test/*. - CVE-2010-3840 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2010 11:49:24 -0500
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.5) jaunty-security; urgency=low * SECURITY UPDATE: privilege check bypass via crafted table name argument to COM_FIELD_LIST - debian/patches/102_CVE-2010-1848.dpatch: check table name in sql/sql_parse.cc, Add tests to tests/mysql_client_test.c. - CVE-2010-1848 * SECURITY UPDATE: denial of service via large packets - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc. - CVE-2010-1849 * SECURITY UPDATE: arbitrary code execution via crafted table name argument to COM_FIELD_LIST - debian/patches/100_CVE-2010-1850.dpatch: check table name length in sql/sql_parse.cc. - CVE-2010-1850 * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in myisam/mi_delete_table.c, add tests to mysql-test/*. - CVE-2010-1626 -- Marc Deslauriers <email address hidden> Thu, 27 May 2010 11:52:10 -0400
Available diffs
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.7) hardy-security; urgency=low * SECURITY UPDATE: privilege check bypass via crafted table name argument to COM_FIELD_LIST - debian/patches/102_CVE-2010-1848.dpatch: check table name in sql/sql_parse.cc, Add tests to tests/mysql_client_test.c. - CVE-2010-1848 * SECURITY UPDATE: denial of service via large packets - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc. - CVE-2010-1849 * SECURITY UPDATE: arbitrary code execution via crafted table name argument to COM_FIELD_LIST - debian/patches/100_CVE-2010-1850.dpatch: check table name length in sql/sql_parse.cc. - CVE-2010-1850 * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in myisam/mi_delete_table.c. - CVE-2010-1626 -- Marc Deslauriers <email address hidden> Mon, 07 Jun 2010 09:01:22 -0400
Available diffs
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.14) dapper-security; urgency=low * SECURITY UPDATE: privilege check bypass via crafted table name argument to COM_FIELD_LIST - debian/patches/111_CVE-2010-1848.dpatch: check table name in sql/sql_parse.cc, Add tests to tests/mysql_client_test.c. - CVE-2010-1848 * SECURITY UPDATE: denial of service via large packets - debian/patches/110_CVE-2010-1849.dpatch: handle big packets in sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc. - CVE-2010-1849 * SECURITY UPDATE: arbitrary code execution via crafted table name argument to COM_FIELD_LIST - debian/patches/109_CVE-2010-1850.dpatch: check table name length in sql/sql_parse.cc. - CVE-2010-1850 * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack - debian/patches/112_CVE-2010-1626.dpatch: check for symlinks in myisam/mi_delete_table.c. - CVE-2010-1626 -- Marc Deslauriers <email address hidden> Sun, 06 Jun 2010 23:45:00 -0400
Available diffs
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.5) hardy-security; urgency=low * SECURITY UPDATE: Cross-site scripting in the command-line client - debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in client/mysql.cc, add test to mysql-test/*. - CVE-2008-4456 * SECURITY UPDATE: format string vulnerabilities in the dispatch_command function - debian/patches/97_CVE-2009-2446.dpatch: use correct format string in sql/sql_parse.cc, add test to tests/mysql_client_test.c. - CVE-2009-2446 * SECURITY UPDATE: denial of service via certain SELECT statements with subqueries and statements that use the GeomFromWKB function - debian/patches/97_CVE-2009-4019.dpatch: return proper errors in sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct null_value in sql/item_geofunc.cc, add tests to mysql-test/*. - CVE-2009-4019 * SECURITY UPDATE: privilege restriction bypass via incorrect calculation of the mysql_unpacked_real_data_home value - debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in sql/mysqld.cc. - CVE-2009-4030 * SECURITY UPDATE: arbitrary code execution via yassl stack overflow - debian/patches/98_CVE-2009-4484.dpatch: validate lengths in extra/yassl/taocrypt/src/asn.*. - CVE-2009-4484 * debian/patches/99_ssl_test_certs.dpatch: update certificates in the test suite as they are expired. The new certs expire 2015-01-28. (LP: #323755) -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:01:56 -0500
Available diffs
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.12) dapper-security; urgency=low * SECURITY UPDATE: Cross-site scripting in the command-line client - debian/patches/108_CVE-2008-4456.dpatch: use xmlencode_print in client/mysql.cc, add test to mysql-test/*. - CVE-2008-4456 * SECURITY UPDATE: format string vulnerabilities in the dispatch_command function - debian/patches/108_CVE-2009-2446.dpatch: use correct format string in sql/sql_parse.cc, add test to tests/mysql_client_test.c. - CVE-2009-2446 * SECURITY UPDATE: denial of service via certain SELECT statements with subqueries and statements that use the GeomFromWKB function - debian/patches/108_CVE-2009-4019.dpatch: handle errors in sql/sql_select.cc, set correct null_value in sql/item_geofunc.cc, add tests to mysql-test/*. - CVE-2009-4019 * SECURITY UPDATE: privilege restriction bypass via incorrect calculation of the mysql_unpacked_real_data_home value - debian/patches/108_CVE-2009-4030.dpatch: fix initialization order in sql/mysqld.cc. - CVE-2009-4030 -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:03:38 -0500
Available diffs
mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low * SECURITY UPDATE: privilege circumvention via the creation of MyISAM tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the data directory. This fix alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (LP: #254129) - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. - CVE-2008-4098 * SECURITY UPDATE: Cross-site scripting in the command-line client - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in client/mysql.cc, add test to mysql-test/*. - CVE-2008-4456 * SECURITY UPDATE: format string vulnerabilities in the dispatch_command function - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in sql/sql_parse.cc, add test to tests/mysql_client_test.c. - CVE-2009-2446 * SECURITY UPDATE: denial of service via certain SELECT statements with subqueries and statements that use the GeomFromWKB function - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct null_value in sql/item_geofunc.cc, add tests to mysql-test/*. - CVE-2009-4019 * SECURITY UPDATE: privilege restriction bypass via incorrect calculation of the mysql_unpacked_real_data_home value - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in sql/mysqld.cc. - CVE-2009-4030 * SECURITY UPDATE: arbitrary code execution via yassl stack overflow - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in extra/yassl/taocrypt/src/asn.*. - CVE-2009-4484 * debian/patches/94_ssl_test_certs.dpatch: update certificates in the test suite as they are expired. The new certs expire 2015-01-28. (LP: #323755) -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:00:54 -0500
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.3) jaunty-security; urgency=low * SECURITY UPDATE: Cross-site scripting in the command-line client - debian/patches/93_CVE-2008-4456.dpatch: use xmlencode_print in client/mysql.cc, add test to mysql-test/*. - CVE-2008-4456 * SECURITY UPDATE: format string vulnerabilities in the dispatch_command function - debian/patches/94_CVE-2009-2446.dpatch: use correct format string in sql/sql_parse.cc, add test to tests/mysql_client_test.c. - CVE-2009-2446 * SECURITY UPDATE: denial of service via certain SELECT statements with subqueries and statements that use the GeomFromWKB function - debian/patches/95_CVE-2009-4019.dpatch: return proper errors in sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct null_value in sql/item_geofunc.cc, add tests to mysql-test/*. - CVE-2009-4019 * SECURITY UPDATE: privilege restriction bypass via incorrect calculation of the mysql_unpacked_real_data_home value - debian/patches/96_CVE-2009-4030.dpatch: fix initialization order in sql/mysqld.cc. - CVE-2009-4030 * SECURITY UPDATE: arbitrary code execution via yassl stack overflow - debian/patches/97_CVE-2009-4484.dpatch: validate lengths in extra/yassl/taocrypt/src/asn.*. - CVE-2009-4484 * debian/patches/92_ssl_test_cert.dpatch: disabled patch as certs are now expired. * debian/patches/98_ssl_test_certs.dpatch: update certificates in the test suite as they are expired. The new certs expire 2015-01-28. -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 08:50:16 -0500
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.83-0ubuntu3) karmic; urgency=low * Don't build mysql-{server,client,common} as they're now provided by mysql-dfsg-5.1 (LP: #426769). -- Mathias Gug <email address hidden> Wed, 09 Sep 2009 11:58:31 -0400
Available diffs
Superseded in karmic-release |
mysql-dfsg-5.0 (5.1.30really5.0.83-0ubuntu2) karmic; urgency=low * Make mysql-server-core-5.0 provide mysql-server-core. (LP: #418342) -- Mathias Gug <email address hidden> Tue, 08 Sep 2009 15:19:41 -0400
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.83-0ubuntu1) karmic; urgency=low [ Norbert Tretkowski ] * New upstream release. [ Mathias Gug ] * Merge from debian unstable, remaining changes: + debian/control: - Add a mysql-doc-5.0 as a Suggest to mysql-client-5.0, mysql-server-5.0 and libmysql15-dev - Prepend XS-Original- to Vcs-{Browser, SVN}. - Lower mailx from a Recommends to a Suggests, which is pulling in exim4 on all installs fo mysql-server. (LP: #259477) + debian/rules: - Apply same configuration options on lpia as for i386. - Add -fno-strict-aliasing to fix FTBFS failures in the mysql testsuite. - Install mysqld AppArmor profile. + debian/additions/my.cnf: - Error message files are located in a different directory in MySQL 5.1. Setting the language option to use /usr/share/mysql/ breaks 5.1. Both 5.0 and 5.1 use a default value that works. (LP: #316974). - remove skip-bdb option. This option is not available in 5.1 anymore. Moreover 5.0 isn't build with the BerkeleyDB engine. (LP: #316849) + Create mysql-server-core-5.0 package for files needed by Akonadi. + Add mysqld AppArmor profile: - debian/apparmor-profile: mysqld AppArmor profile. - debian/mysql-server-5.0.README.Debian: add a note about mysqld AppArmor profile. - debian/mysql-server-5.0.files: ship mysqld AppArmor profile. - debian/mysql-server-5.0.postinst: reload mysqld AppArmor profile. - debian/rules: install mysqld AppArmor profile. - debian/additions/my.cnf: add warning about apparmor. (LP: #201799) + Fixes random build failures: - 90_upstream_bug_23921.dpatch (http://bugs.mysql.com/bug.php?id=23921). - 91_ubuntu_buildd_testfailures.dpatch: disable tests that fail randomly only on the amd64 buildd. + Fix log-slow-queries option: (LP: #183762) - debian/patches/57-fix-mysqlslowdump-config.dpatch: support log_slow_queries option in mysqlslowdump. - debian/additions/my.cnf: use log-slow-queries instead of log_slow_queries. * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: wait in the SIGHUP trap to avoid killing an existing mysqld process when a HUP signal is sent to mysqld_safe. (LP: #326768) * Dropped from Ubuntu: + debian/patches/92_ssl_test_cert.dpatch: Fixed in 5.0.78. + Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0, and libmysqlclient15-dev packages. + Replaces and Conflicts apparmour-profiles << 2.1+1075-0ubuntu4 to allow proper upgrades from gutsy. + Follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203531) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain - debian/mysql-server-5.0.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where the profile doesn't exist. - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on purge. + Modifies debian-start.inc.sh to support ANSI mode (LP: #310211): fixed differently in Debian.
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.2) jaunty-proposed; urgency=low * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: wait in the SIGHUP trap to avoid killing an existing mysqld process when a HUP signal is sent to mysqld_safe. (LP: #326768) -- Mathias Gug <email address hidden> Mon, 11 May 2009 22:41:44 -0400
Available diffs
Superseded in jaunty-proposed |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.1) jaunty-proposed; urgency=low * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: - Don't trap sighup as it's causing mysqld to refresh while it has open connections. (LP: #326768) -- Mario Limonciello <email address hidden> Tue, 05 May 2009 13:28:47 -0500
Available diffs
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10) jaunty; urgency=low * debian/mysql-server-5.0.postinst: Clear out the second password when setting up mysql. (LP: #344816) -- Chuck Short <email address hidden> Mon, 30 Mar 2009 14:59:35 -0400
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu9) jaunty; urgency=low * debian/apparmor-profile: add 'network tcp' and access to /var/run/samba/winbindd_privileged/pipe (LP: #306886) * debian/apparmor-profile: add '/var/log/mysql.log rw' and '/var/log/mysql.err rw' (LP: #348532) -- Jamie Strandboge <email address hidden> Wed, 25 Mar 2009 11:47:10 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu8) jaunty; urgency=low * debian/apparmor-profile: add 'capability sys_resource' so that settings in /etc/mysql/my.cnf will work properly (LP: #306541) -- Jamie Strandboge <email address hidden> Tue, 17 Mar 2009 18:04:05 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu7) jaunty; urgency=low * Revert 56-mysqlhotcopy-invalid-dbtable.dpatch: The behavior of $dbh->tables() has changed. Instead of returning a simple "tablename" it returns a full "databasename.tablename". LP: #296952 -- Andreas Olsson <email address hidden> Sat, 31 Jan 2009 22:34:54 +0100
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu6) jaunty; urgency=low [ Andreas Olsson <email address hidden> ] * Modifies debian-start.inc.sh to support ANSI mode (LP: #310211) -- Dustin Kirkland <email address hidden> Thu, 12 Feb 2009 14:39:04 -0600
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu5) jaunty; urgency=low [ Andreas Olsson ] * debian/patches/92_ssl_test_cert.dpatch: Re-generated the PKI files needed for the tests. (LP: #323755) -- Mathias Gug <email address hidden> Tue, 03 Feb 2009 04:36:21 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu4) jaunty; urgency=low * debian/additions/my.cnf: remove language option. Error message files are located in a different directory in MySQL 5.1. Setting the language option to use /usr/share/mysql/ breaks 5.1. Both 5.0 and 5.1 use a default value that works. (LP: #316974). -- Mathias Gug <email address hidden> Thu, 29 Jan 2009 16:01:31 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu3) jaunty; urgency=low * debian/additions/my.cnf: remove skip-bdb option. This option is not available in 5.1 anymore. Moreover 5.0 isn't build with the BerkeleyDB engine. (LP: #316849) * debian/mysql-sever-core-5.0.files: move character sets files to -core as they're required for mysqld to properly support character sets. -- Mathias Gug <email address hidden> Wed, 21 Jan 2009 19:41:14 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu2) jaunty; urgency=low * Create mysql-server-core-5.0 package for files needed by Akonadi -- Jonathan Riddell <email address hidden> Fri, 16 Jan 2009 11:34:29 +0000
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu1) jaunty; urgency=low * No change upload. Rebuild so that libmysqlclient15-dev is again available in jaunty. mysql-dfsg-5.1_5.1.30-2ubuntu1 provided a libmysqlclient15-dev transitional package. -2ubuntu2 doesn't provide libmysqlclient15-dev anymore. (LP: #316280). -- Mathias Gug <email address hidden> Tue, 13 Jan 2009 13:24:13 -0500
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.0.75-1ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - Set maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add a mysql-doc-5.0 as a Suggest to mysql-client-5.0 mysql-server-5.0 and libmysql15-dev - Prepend XS-Original- to Vcs-{Browser, SVN}. - Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0, and libmysqlclient15-dev packages. - Replaces and Conflicts apparmour-profiles << 2.1+1075-0ubuntu4 to allow proper upgrades from gutsy. - Lower mailx from a Recommends to a Suggests, which is pulling in exim4 on all installs fo mysql-server. (LP: #259477) * debian/rules: - Apply same configuration options on lopia as for i386. - Replace --with-comment="Debian" with --with-comment"Ubuntu". * debian/additions/my.cnf: - Add note about the "/etc/mysql/conf.d" directory in my.cnf. - Add warning about apparmor. (LP: #201799) * Follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203531) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain - debian/mysql-server-5.0.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where the profile doesn't exist. - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on purge.
Available diffs
Superseded in jaunty-release |
mysql-dfsg-5.0 (5.0.75-0ubuntu1) jaunty; urgency=low * New upstream release. * debian/rules + Add -fno-strict-aliasing to fix FTBFS failures in the mysql testsuite. * Dropped debian/patches/80_fix_user_setup_on_localhost.dpatch. Already fixed upstream. -- Chuck Short <email address hidden> Tue, 06 Jan 2009 08:59:29 -0500
Available diffs
- diff from 5.0.67-0ubuntu6 to 5.0.75-0ubuntu1 (665.1 KiB)
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.4) hardy-security; urgency=low * SECURITY UPDATE: denial of service via an empty bit-string literal (b'') - debian/patches/95_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string:: Item_bin_string() in sql/item.cc to parse an empty bit-string literal as an empty string. - CVE-2008-3963 * SECURITY UPDATE: privilege circumvention via the creation of MyISAM tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the data directory. This update is a complete fix for the three CVE numbers listed below. This fix alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (LP: #254129) - debian/patches/96_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. - CVE-2008-2079 - CVE-2008-4097 - CVE-2008-4098 * debian/rules: do not update po tree for security updates. -- Marc Deslauriers <email address hidden> Thu, 13 Nov 2008 14:56:05 -0500
Available diffs
mysql-dfsg-5.0 (5.0.45-1ubuntu3.4) gutsy-security; urgency=low * SECURITY UPDATE: denial of service via an empty bit-string literal (b'') - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string:: Item_bin_string() in sql/item.cc to parse an empty bit-string literal as an empty string. - CVE-2008-3963 * SECURITY UPDATE: privilege circumvention via the creation of MyISAM tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the data directory. This update is a complete fix for the three CVE numbers listed below. This fix alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (LP: #254129) - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. - CVE-2008-2079 - CVE-2008-4097 - CVE-2008-4098 * debian/rules: do not update po tree for security updates. -- Marc Deslauriers <email address hidden> Thu, 13 Nov 2008 10:34:12 -0500
Available diffs
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.11) dapper-security; urgency=low * SECURITY UPDATE: denial of service via an empty bit-string literal (b'') - debian/patches/106_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string:: Item_bin_string() in sql/item.cc to parse an empty bit-string literal as an empty string. - CVE-2008-3963 * SECURITY UPDATE: privilege circumvention via the creation of MyISAM tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the data directory. This update is a complete fix for the three CVE numbers listed below. This fix alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (LP: #254129) - debian/patches/107_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. - CVE-2008-2079 - CVE-2008-4097 - CVE-2008-4098 -- Marc Deslauriers <email address hidden> Mon, 10 Nov 2008 13:42:30 -0500
Available diffs
mysql-dfsg-5.0 (5.0.67-0ubuntu6) intrepid; urgency=low * Clean up mysql apparmor profile. (LP: #270663) -- Chuck Short <email address hidden> Thu, 18 Sep 2008 09:37:56 -0400
Available diffs
- diff from 5.0.67-0ubuntu5 to 5.0.67-0ubuntu6 (427 bytes)
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.3) hardy-proposed; urgency=low * debian/patches/94_fix_mysqldump_with_old_versions.dpatch: Fixes mysqldump when dumping a database from mysql 4.1. (LP: #267696) -- Chuck Short <email address hidden> Wed, 10 Sep 2008 12:34:24 +0000
Available diffs
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.67-0ubuntu5) intrepid; urgency=low * Add 91_ubuntu_buildd_testfailures.dpatch: disable tests that fail randomly only on the amd64 buildd. -- Kees Cook <email address hidden> Thu, 28 Aug 2008 09:39:05 -0700
Available diffs
- diff from 5.0.67-0ubuntu4 to 5.0.67-0ubuntu5 (824 bytes)
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.67-0ubuntu4) intrepid; urgency=low * Revert 99_incease_test_timeout.dpatch, and try upstream fixes for random test failures as 90_upstream_bug_23921.dpatch (see http://bugs.mysql.com/bug.php?id=23921). Fixes random build failures. * Revert PIE hardening -- subselect test kills running server on i386. -- Kees Cook <email address hidden> Wed, 27 Aug 2008 11:09:34 -0700
Available diffs
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.67-0ubuntu3) intrepid; urgency=low * debian/patches/99_incease_test_timeout.dpatch: Increase the timeout time for mysql-tests in build. -- Chuck Short <email address hidden> Tue, 26 Aug 2008 10:57:12 -0400
Available diffs
- diff from 5.0.67-0ubuntu2 to 5.0.67-0ubuntu3 (634 bytes)
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.67-0ubuntu2) intrepid; urgency=low * debian/{control,rules}: enable PIE hardening -- Kees Cook <email address hidden> Mon, 25 Aug 2008 13:53:36 -0700
Available diffs
- diff from 5.0.67-0ubuntu1 to 5.0.67-0ubuntu2 (850 bytes)
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.67-0ubuntu1) intrepid; urgency=low * debian/control: - Set maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add a mysql-doc-5.0 as a Suggest to mysql-client-5.0 mysql-server-5.0 andd libmsqlclient15-dev - Prepend XS-Original- to Vcs-{Browser,Svn}. - Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0 and libmysqlclient15-dev packages. - Replaces and Conflicts apparmor-profiles << 2.1+1075-0ubuntu4 to allow proper upgrades from gutsy. - Lower "mailx from a Recommends to a Suggests, which is pulling in exim4 on all installs of mysql-server. (LP: #259477). * debian/rules: - Apply same configuration options on lpia as for i386. - Replace --with-comment="Debian" --with-comment="Ubuntu". * debian/additions/my.cnf: - Add note about the "/etc/mysql/conf.d" directory in my.cnf. - Add warning about apparmor (LP: #201799) * Follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203531) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain - debian/mysql-server-5.0.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where the profile doesn't exist. - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on purge. * Dropped debian/patches/58-disable-ndb-backup-print.dpatch, no longer needed. * Dropped debian/patches/93_fix_user_setup_on_localhost.dpatch. use Debian's instead. -- Chuck Short <email address hidden> Fri, 22 Aug 2008 10:49:54 -0400
Available diffs
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.51a-6ubuntu4) intrepid; urgency=low * debian/control: Lower "mailx" from a Recommends to a Suggests, which is pulling in exim4 on all installs of mysql-server (LP: #259477). -- Dustin Kirkland <email address hidden> Tue, 19 Aug 2008 17:49:12 +0100
Available diffs
- diff from 5.0.51a-6ubuntu3 to 5.0.51a-6ubuntu4 (648 bytes)
Superseded in hardy-proposed |
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.2) hardy-proposed; urgency=low * Add a Conflicts/Replaces on mysql-client-4.1 and mysql-server-4.1, to ensure smooth upgrades for users of Ubuntu 6.06 that may still have these universe packages installed. LP: #208695. -- Steve Langasek <email address hidden> Wed, 09 Jul 2008 23:53:26 +0000
Available diffs
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.51a-6ubuntu3) intrepid; urgency=low * debian/mysql-server-5.0.config: - Revert debian changes. Password dialog had disappeared. (LP: #239668) -- Chuck Short <email address hidden> Mon, 23 Jun 2008 01:04:32 +0000
Available diffs
- diff from 5.0.51a-6ubuntu2 to 5.0.51a-6ubuntu3 (882 bytes)
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.51a-6ubuntu2) intrepid; urgency=low * Updated debian/patches/58-disable-ndb-backup-print.dpatch. - Failed tests ndb_alter_table ndb_replace to fix a FTBFS. -- Chuck Short <email address hidden> Thu, 05 Jun 2008 13:39:08 +0000
Available diffs
- diff from 5.0.51a-6ubuntu1 to 5.0.51a-6ubuntu2 (781 bytes)
Superseded in intrepid-release |
mysql-dfsg-5.0 (5.0.51a-6ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/control: - Set maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer - Add mysql-doc-.0 as a Suggest to mysql-client-5.0 mysql-server-5.0 and libmysqlcient15-dev. - Prepared XS-Original to Vcs-{Browser,Svn}. - Fix man pages conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0 and libmysqlclient15-dev packages. - Replaces and conflicts apparmor-profiles << 2.1+1075-0ubuntu4 to allow proper upgrade from gutsy. - debian/rules: - Apply same configuration options on lipa for i386. - Replace --with-comment="Debian" with --with-comment=Ubuntu". - debian/patches/93_fix_user_setup_on_localhost.dpatch - Fix setup of user table, if hostname is "localhost". Thanks to Daniel Hahler. (LP: #223836) - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch - Update patch to address mysqlhotcopy issues. (LP: #197606) - Folow ApparmorProfileMigration and force apparmor complain mode on some upgrades. (LP: #203531) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain - debian/mysql-server-5.0.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where the profile doesn't exist. - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on purge - debian/additions/my.cnf: add warning about apparmor (LP: #201799) - Disable ndb_backup_print tests as it fails sometimes (LP: #194542). Patch taken from 5.0.54. * Dropped: - debian/patches/92_fix_order_by32202.dpatch. In favour of 56_fix_order_by.dpatch from debian - confirming password on install if given. Already used upstream. - debian/patches/59-fix-mysql-replication-logs.dpatch. In favour of of 57_fix_mysql_replication.dpatch from debian.
Available diffs
- diff from 5.0.51a-3ubuntu5.1 to 5.0.51a-6ubuntu1 (343.0 KiB)
Superseded in intrepid-release |
Superseded in hardy-updates |
Deleted in hardy-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.1) hardy-proposed; urgency=low * debian/patches/93_fix_user_setup_on_localhost.dpatch - Fix setup of user table, if hostname is "localhost". Thanks to Daniel Hahler (LP: #223836) * debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch - Update patch to address mysqlhotcopy issues. (LP: #197606) -- Chuck Short <email address hidden> Tue, 29 Apr 2008 15:09:33 -0400
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.10) dapper-proposed; urgency=low * RELIABILITY UPDATE: fix for upstream bug #20908 * debian/patches/105_upstream_20908.dpatch: fix MYSQLlex() in sql_lex.cc to ABORT_SYM on zero-length variable names * References LP: #217772 http://bugs.mysql.com/bug.php?id=20908 -- Jamie Strandboge <email address hidden> Tue, 15 Apr 2008 16:28:38 -0400
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.9) dapper-security; urgency=low * Fix for upstream bug #20482: Creation of a view as a join of views or tables could fail if the views or tables are in different databases. This bug was introduced in the update for CVE-2007-2692, which had more restrictive privilege checks. (LP: #209699) -- Jamie Strandboge <email address hidden> Tue, 01 Apr 2008 13:03:24 -0400
mysql-dfsg-5.0 (5.0.51a-3ubuntu5) hardy; urgency=low * debian/patches/59-fix-mysql-replication-logs.dpatch: Fix mysql replication: relay-logs were stored in /var/run. (LP: #119271). Patch taken from 5.0.54. * debian/patches/58-disable-ndb-backup-print.dpatch: update description of ndb_backup_print patch. -- Mathias Gug <email address hidden> Thu, 27 Mar 2008 19:02:38 -0400
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51a-3ubuntu4) hardy; urgency=low * Disable ndb_backup_print tests as it fails sometimes (LP: #194542). Patch taken from 5.0.54. -- Mathias Gug <email address hidden> Wed, 26 Mar 2008 19:08:32 -0400
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51a-3ubuntu3) hardy; urgency=low [ Nicolas Valcárcel ] * Confirming password on install if given (LP: #162167) [ Jamie Strandboge ] * follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203531) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain - debian/mysql-server-5.0.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where the profile doesn't exist - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on purge * debian/additions/my.cnf: add warning about apparmor (LP: #201799) -- Mathias Gug <email address hidden> Tue, 25 Mar 2008 17:05:22 -0400
mysql-dfsg-5.0 (5.0.45-1ubuntu3.3) gutsy-security; urgency=low * no change build for -security upload
mysql-dfsg-5.0 (5.0.38-0ubuntu1.4) feisty-security; urgency=low * no change build for -security upload
mysql-dfsg-5.0 (5.0.24a-9ubuntu2.4) edgy-security; urgency=low * no change build for -security upload
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.8) dapper-security; urgency=low * no change build for -security upload
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51a-3ubuntu2) hardy; urgency=low * debian/patches/92_fix_order_by32202.dpatch: fix for ORDER BY not working with GROUP BY (LP: #202706) * References: http://bugs.mysql.com/bug.php?id=32202 -- Jamie Strandboge <email address hidden> Mon, 17 Mar 2008 07:35:15 -0400
Deleted in dapper-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7) dapper-proposed; urgency=low * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). Note that while this patch is included, mysql on Ubuntu 6.06 is not compiled with yassl enabled. * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream bug #21080, which was needed to keep VIEW definitions in sync. * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure thd->lex-describe is non-NULL in sql_select.cc (LP: #161127) * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. This patch also fixes upstream bug #18681, which was needed to properly check view security. * References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2006-7232 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 http://bugs.mysql.com/bug.php?id=18681 http://bugs.mysql.com/bug.php?id=21080 -- Jamie Strandboge <email address hidden> Thu, 06 Mar 2008 07:53:05 -0500
Deleted in edgy-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.24a-9ubuntu2.3) edgy-proposed; urgency=low * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream bug #21080, which was needed to keep VIEW definitions in sync. * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure thd->lex-describe is non-NULL in sql_select.cc (LP: #161127) * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. * References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2006-7232 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 http://bugs.mysql.com/bug.php?id=21080 -- Jamie Strandboge <email address hidden> Thu, 06 Mar 2008 09:09:00 -0500
Deleted in feisty-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.38-0ubuntu1.3) feisty-proposed; urgency=low * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp * debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements * debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039) * debian/patches/99_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines * debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. (LP: #172260) * References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 -- Jamie Strandboge <email address hidden> Thu, 06 Mar 2008 09:15:54 -0500
Deleted in gutsy-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.45-1ubuntu3.2) gutsy-proposed; urgency=low * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp * debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978) * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements * debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039) * debian/patches/97_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing * References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 -- Jamie Strandboge <email address hidden> Thu, 06 Mar 2008 09:26:24 -0500
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51a-3ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - debian/control: - Set Maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0 and libmysqlclient15-dev. - Preprend XS-Original- to Vcs-{Browser,Svn}. - Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0 and libmysqlclient15-dev packages. - Replaces and Conflicts apparmor-profiles << 2.1+1075-0ubuntu4 to allow proper upgrade from gutsy. - debian/rules: - Apply same configuration options on lpia as for i386. - Replace --with-comment="Debian" with --with-comment="Ubuntu". - debian/additions/my.cnf: Add note about the "/etc/mysql/conf.d" directory in my.cnf. - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch: Fixed mysqlhotcopy failure. - debian/patches/57-fix-mysqlslowdump-config.dpatch: Fixed mysqlslowdump usage. - debian/apparmor-profile, debian/mysql-server-5.0.files: add AppArmor profile. - debian/mysql-server-5.0.postinst: Reload AA profile on configuration. - debian/mysql-server-5.0.README.Debian: add a note on AppArmor.
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51a-1ubuntu1) hardy; urgency=low [ Mathias Gug ] * Merge from debian unstable, remaining changes: - debian/control: - Set Maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0 and libmysqlclient15-dev. - Preprend XS-Original- to Vcs-{Browser,Svn}. - Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy for mysql-server-5.0, mysql-client-5.0 and libmysqlclient15-dev packages. - debian/rules: - Apply same configuration options on lpia as for i386. - Replace --with-comment="Debian" with --with-comment="Ubuntu". - debian/additions/my.cnf: Add note about the "/etc/mysql/conf.d" directory in my.cnf. - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch: Fixed mysqlhotcopy failure. - debian/patches/57-fix-mysqlslowdump-config.dpatch: Fixed mysqlslowdump usage. * Dropped: - debian/rules: - Support DEB_BUILD_OPTIONS option 'nocheck' to skip tests. * debian/control: - Add build dependency on texlive-extra-utils. [ Jamie Strandboge ] * add AppArmor profile + debian/apparmor-profile + debian/mysql-server-5.0.postinst: Reload AA profile on configuration * updated debian//mysql-server-5.0.README.Debian for note on AppArmor * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51-3ubuntu2) hardy; urgency=low * Fix man page conflicts. (LP: #189187) -- Chuck Short <email address hidden> Tue, 05 Feb 2008 11:45:06 -0500
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.51-3ubuntu1) hardy; urgency=low [Mathias Gug] * Merge from debian unstable, remaining changes: - debian/control: - Set Maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0 and libmysqlclient15-dev. - debian/rules: Apply same configuration options on lpia as for i386. * debian/control: - Preprend XS-Original- to Vcs-{Browser,Svn}. * debian/rules: - Support DEB_BUILD_OPTIONS option 'nocheck' to skip tests. * Dropped patches: - debian/patches/91_bug29389.dpatch: fix for mysql bug 27383 which causes mysql-test 'mysql_client_test' to fail due to gcc 4.x optimizations. - debian/libmysqlclient15-dev.files, debian/mysql-client-5.0.files, debian/mysql-server-5.0.files: man pages are GPLed now. * Improved error message when unable to connect using debian-sys-maint. (LP: #153868) [Chuck Short] * Replcaed --with-comment="Debian" with --with-comment="Ubuntu" in debian/rules (LP: #134384) * Added note about the "/etc/mysql/conf.d" directory in my.cnf (LP: #136225) * Fixed mysqlhotcopy failure. (LP: #162393) * Fixed mysqlslowdump usage. Added patch from Arnold Daniels <email address hidden>. (LP: #183762) -- Mathias Gug <email address hidden> Fri, 25 Jan 2008 04:10:49 -0500
mysql-dfsg-5.0 (5.0.45-1ubuntu3.1) gutsy-security; urgency=low * SECURITY UPDATE: denial of service via crafted CONTAINS operation when using InnoDB * debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc) * SECURITY UPDATE: privilege escalation using symlinks when using DATA DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement * debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to properly check symlinks when performing a rename operation * SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in federated engine * debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc to to return error if the response doesn't have enough columns * References CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 LP #172260 -- Jamie Strandboge <email address hidden> Wed, 19 Dec 2007 13:43:43 +0000
mysql-dfsg-5.0 (5.0.38-0ubuntu1.2) feisty-security; urgency=low * SECURITY UPDATE: denial of service via crafted CONTAINS operation when using InnoDB * debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc) * SECURITY UPDATE: privilege escalation using symlinks when using DATA DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement * debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to properly check symlinks when performing a rename operation * SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in federated engine * debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc to to return error if the response doesn't have enough columns * SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE statements * debian/patches/96_SECURITY_CVE-2007-3781.dpatch: fix to enforce access privileges (sql_parse.cc, handler.h, sql_yacc.yy) * References CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 CVE-2007-3781 LP #172260 -- Jamie Strandboge <email address hidden> Wed, 19 Dec 2007 10:41:49 -0500
mysql-dfsg-5.0 (5.0.24a-9ubuntu2.2) edgy-security; urgency=low * SECURITY UPDATE: denial of service via crafted CONTAINS operation when using InnoDB * debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc) * SECURITY UPDATE: privilege escalation using symlinks when using DATA DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement * debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to properly check symlinks when performing a rename operation * SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in federated engine * debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc to to return error if the response doesn't have enough columns * SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE statements * debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access privileges (sql_parse.cc, handler.h, sql_yacc.yy) * debian/control: Build-Depends on bison * References CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 CVE-2007-3781 LP #172260 -- Jamie Strandboge <email address hidden> Wed, 19 Dec 2007 11:55:51 -0500
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.6) dapper-security; urgency=low * SECURITY UPDATE: denial of service via crafted CONTAINS operation when using InnoDB * debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc). Also updated mysqld_error.h, mysqld_ername.h and errmsg.txt for the new returned error * SECURITY UPDATE: privilege escalation using symlinks when using DATA DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement * debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to properly check symlinks when performing a rename operation * SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in federated engine * debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc to to return error if the response doesn't have enough columns * SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE statements * debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access privileges (sql_parse.cc, handler.h, sql_yacc.yy) * debian/control: Build-Depends on bison * References CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 CVE-2007-3781 LP #172260 -- Jamie Strandboge <email address hidden> Wed, 19 Dec 2007 12:52:42 -0500
Superseded in hardy-release |
mysql-dfsg-5.0 (5.0.45-3ubuntu1) hardy; urgency=low * Merge from Debian unstable. Remaining Ubuntu changes: - debian/control: - Set Maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0 and libmysqlclient15-dev. - debian/rules: Apply same configuration options on lpia as for i386. - debian/patches/91_bug29389.dpatch: fix for mysql bug 27383 which causes mysql-test 'mysql_client_test' to fail due to gcc 4.x optimizations. - debian/libmysqlclient15-dev.files, debian/mysql-client-5.0.files, debian/mysql-server-5.0.files: remove dummy man pages, as they are shipped in mysql-doc-5.0 package in the restricted repository.
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.5) dapper-security; urgency=low * SECURITY UPDATE: denial of service via crafted IF clause * debian/patches/SECURITY_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify res is not NULL * SECURITY UPDATE: privilege escalation * debian/patches/SECURITY_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure DROP privileges are required when using RENAME TABLE statements * SECURITY UPDATE: denial of service via crafted authentication request * debian/patches/SECURITY_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not overflow a signed char * SECURITY UPDATE: privilege escalation via views * debian/patches/SECURITY_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and sql/sql_update.cc to properly verify access privileges to external tables * SECURITY UPDATE: warn on startup if root mysql account has a blank password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and check for blank password. Based on work by Soren Hansen. * References CVE-2007-2583 CVE-2007-2691 CVE-2007-3780 CVE-2007-3782 Launchpad #119075 -- Jamie Strandboge <email address hidden> Tue, 2 Oct 2007 14:46:02 -0400
mysql-dfsg-5.0 (5.0.45-1ubuntu3) gutsy; urgency=low * fix for mysql bug 27383 which causes mysql-test 'mysql_client_test' to fail due to gcc 4.x optimizations -- Jamie Strandboge <email address hidden> Tue, 02 Oct 2007 19:28:58 +0000
mysql-dfsg-5.0 (5.0.38-0ubuntu1.1) feisty-security; urgency=low * SECURITY UPDATE: denial of service via crafted IF clause * debian/patches/91_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify res is not NULL * SECURITY UPDATE: privilege escalation * debian/patches/91_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure DROP privileges are required when using RENAME TABLE statements * SECURITY UPDATE: denial of service via crafted authentication request * debian/patches/91_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not overflow a signed char * SECURITY UPDATE: privilege escalation via views * debian/patches/91_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and sql/sql_update.cc to properly verify access privileges to external tables * SECURITY UPDATE: warn on startup if root mysql account has a blank password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and check for blank password. Based on work by Soren Hansen. * References CVE-2007-2583 CVE-2007-2691 CVE-2007-3780 CVE-2007-3782 Launchpad #119075 -- Jamie Strandboge <email address hidden> Wed, 3 Oct 2007 13:32:38 -0400
mysql-dfsg-5.0 (5.0.24a-9ubuntu2.1) edgy-security; urgency=low * SECURITY UPDATE: denial of service via crafted IF clause * debian/patches/97_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify res is not NULL * SECURITY UPDATE: privilege escalation * debian/patches/97_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure DROP privileges are required when using RENAME TABLE statements * SECURITY UPDATE: denial of service via crafted authentication request * debian/patches/97_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not overflow a signed char * SECURITY UPDATE: privilege escalation via views * debian/patches/97_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and sql/sql_update.cc to properly verify access privileges to external tables * SECURITY UPDATE: warn on startup if root mysql account has a blank password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and check blank password. Based on work by Soren Hansen. * References CVE-2007-2583 CVE-2007-2691 CVE-2007-3780 CVE-2007-3782 Launchpad #119075 -- Jamie Strandboge <email address hidden> Wed, 3 Oct 2007 15:18:46 -0400
Deleted in dapper-proposed (Reason: moved to -updates) |
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.4) dapper-proposed; urgency=low * Fixed BLOCKSIZE to BLOCK_SIZE in initscript. (LP #118523) -- Mathias Gug <email address hidden> Tue, 24 Jul 2007 16:18:57 -0400
Superseded in gutsy-release |
mysql-dfsg-5.0 (5.0.45-1ubuntu2) gutsy; urgency=low * Apply same configuration options on lpia as for i386. -- Matthias Klose <email address hidden> Wed, 08 Aug 2007 08:13:31 +0000
Superseded in gutsy-release |
mysql-dfsg-5.0 (5.0.45-1ubuntu1) gutsy; urgency=low * debian/libmysqlclient15-dev.files, debian/mysql-client-5.0.files, debian/mysql-server-5.0.files: remove dummy man pages, as they are shipped in mysql-doc-5.0 package in the restricted repository. * debian/control: - Set Maintainer to Ubuntu Core dev. Move Debian maintainer to XSBC-Original-Maintainer. - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0 and libmysqlclient15-dev. -- Mathias Gug <email address hidden> Mon, 30 Jul 2007 12:17:35 -0400
1 → 75 of 107 results | First • Previous • Next • Last |