Format: 1.7
Date: Wed, 19 Mar 2008 15:15:01 -0400
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev libmysqlclient15off mysql-client mysql-client-5.0 mysql-common mysql-server mysql-server-5.0
Architecture: amd64_translations amd64 hppa_translations hppa i386_translations all i386 ia64_translations ia64 powerpc_translations powerpc source sparc_translations sparc
Version: 5.0.22-0ubuntu6.06.8
Distribution: dapper-security
Urgency: low
Maintainer: Christian Hammers
Changed-By: Jamie Strandboge
Description:
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client-5.0 - mysql database client binaries
 mysql-server-5.0 - mysql database server binaries
 mysql-client - mysql database client (current version)
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (current version)
Changes:
 mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.8) dapper-security; urgency=low
 .
   * no change build for -security upload
 .
 mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7) dapper-proposed; urgency=low
 .
   * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
     handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
   * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in
     hash.cpp
   * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
     length of input (LP: #186978). Note that while this patch is included,
     mysql on Ubuntu 6.06 is not compiled with yassl enabled.
   * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
     DEFINER VIEW and ALTER VIEW statements
   * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure
     lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also
     fixes upstream bug #21080, which was needed to keep VIEW definitions in
     sync.
   * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on
     the INFORMATION_SCHEMA table
   * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
     thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
   * debian/patches/102_view_fix-now.dpatch: update view.test and
     view.result to use a static year instead of now(). These tests are not
     part of the build but help with qa-regression-testing
   * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
     routines
   * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore
     THD::db_access when returning from stored routine by performing
     privilege checks in the execution stage rather than the parsing stage.
     This patch also fixes upstream bug #18681, which was needed to properly
     check view security.
   * References
     CVE-2008-0226
     CVE-2008-0227
     CVE-2007-6303
     CVE-2006-7232
     CVE-2007-2692
     http://bugs.mysql.com/bug.php?id=27337
     http://bugs.mysql.com/bug.php?id=18681
     http://bugs.mysql.com/bug.php?id=21080