mysql-dfsg-5.0 5.0.24a-9ubuntu2.4 source package in Ubuntu

Changelog

mysql-dfsg-5.0 (5.0.24a-9ubuntu2.4) edgy-security; urgency=low

  * no change build for -security upload

mysql-dfsg-5.0 (5.0.24a-9ubuntu2.3) edgy-proposed; urgency=low

  * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
    handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
  * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
  * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
    length of input (LP: #186978).
  * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
    DEFINER VIEW and ALTER VIEW statements
  * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
    is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream
    bug #21080, which was needed to keep VIEW definitions in sync.
  * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the
    INFORMATION_SCHEMA table
  * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
    thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
  * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to
    use a static year instead of now(). These tests are not part of the build
    but helps with qa-regression-testing
  * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
    routines
  * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
    when returning from stored routine by performing privilege checks in the
    execution stage rather than the parsing stage.
  * References
    CVE-2008-0226
    CVE-2008-0227
    CVE-2007-6303
    CVE-2006-7232
    CVE-2007-2692
    http://bugs.mysql.com/bug.php?id=27337
    http://bugs.mysql.com/bug.php?id=21080

 -- Jamie Strandboge <email address hidden>   Wed, 19 Mar 2008 15:15:59 -0400

Upload details

Uploaded by:
Jamie Strandboge on 2008-03-20
Uploaded to:
Edgy
Original maintainer:
Christian Hammers
Component:
main
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
mysql-dfsg-5.0_5.0.24a.orig.tar.gz 17.8 MiB 9641fcc4f34b4a2651d1aabb3b72a971
mysql-dfsg-5.0_5.0.24a-9ubuntu2.4.diff.gz 151.1 KiB ab96448b7abcb125d8d5ebebe42907ea
mysql-dfsg-5.0_5.0.24a-9ubuntu2.4.dsc 1.1 KiB c8e843e37f3e922c1b86ae97ea3bfc54

View changes file

Binary packages built by this source

libmysqlclient15-dev: No summary available for libmysqlclient15-dev in ubuntu edgy.

No description available for libmysqlclient15-dev in ubuntu edgy.

libmysqlclient15off: No summary available for libmysqlclient15off in ubuntu edgy.

No description available for libmysqlclient15off in ubuntu edgy.

mysql-client: No summary available for mysql-client in ubuntu edgy.

No description available for mysql-client in ubuntu edgy.

mysql-client-5.0: No summary available for mysql-client-5.0 in ubuntu edgy.

No description available for mysql-client-5.0 in ubuntu edgy.

mysql-common: No summary available for mysql-common in ubuntu edgy.

No description available for mysql-common in ubuntu edgy.

mysql-server: No summary available for mysql-server in ubuntu edgy.

No description available for mysql-server in ubuntu edgy.

mysql-server-5.0: No summary available for mysql-server-5.0 in ubuntu edgy.

No description available for mysql-server-5.0 in ubuntu edgy.