Format: 1.7
Date: Wed, 19 Dec 2007 12:52:42 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev libmysqlclient15off mysql-client mysql-client-5.0 mysql-common mysql-server mysql-server-5.0
Architecture: amd64_translations amd64 hppa_translations hppa i386_translations all i386 ia64_translations ia64 powerpc_translations powerpc source sparc_translations sparc
Version: 5.0.22-0ubuntu6.06.6
Distribution: dapper-security
Urgency: low
Maintainer: Jamie Strandboge
Changed-By: Jamie Strandboge
Description:
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client-5.0 - mysql database client binaries
 mysql-server-5.0 - mysql database server binaries
 mysql-client - mysql database client (current version)
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (current version)
Changes:
 mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.6) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via crafted CONTAINS operation when
     using InnoDB
   * debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
     error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc).
     Also updated mysqld_error.h, mysqld_ername.h and errmsg.txt for the new
     returned error
   * SECURITY UPDATE: privilege escalation using symlinks when using DATA
     DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
   * debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
     properly check symlinks when performing a rename operation
   * SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
     federated engine
   * debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
     to return error if the response doesn't have enough columns
   * SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
     statements
   * debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
     privileges (sql_parse.cc, handler.h, sql_yacc.yy)
   * debian/control: Build-Depends on bison
   * References
     CVE-2007-5925
     CVE-2007-5969
     CVE-2007-6304
     CVE-2007-3781
     LP #172260
Files: