Ubuntu
mysql-dfsg-5.1 package

mysql-dfsg-5.1 5.1.41-3ubuntu12.7 source package in Ubuntu

Changelog

mysql-dfsg-5.1 (5.1.41-3ubuntu12.7) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
    command
    - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
      and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
      Add tests to mysql-test/*.
    - CVE-2010-2008
  * SECURITY UPDATE: denial of service via joins involving a table with a
    unique SET column
    - debian/patches/60_CVE-2010-3677.dpatch: improve logic in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3677
  * SECURITY UPDATE: denial of service via incorrect handling of NULL
    arguments
    - debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3678
  * SECURITY UPDATE: denial of service via malformed argument to the BINLOG
    statement
    - debian/patches/60_CVE-2010-3679.dpatch: check lengths in
      sql/sql_binlog.cc. Add tests to mysql-test/*.
    - CVE-2010-3679
  * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
    nullable columns
    - debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
      storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
      mysql-test/*.
    - CVE-2010-3680
  * SECURITY UPDATE: denial of service via alternate reads from two indexes
    on a table using the HANDLER interface
    - debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
      sql/sql_handler.cc. Add tests to mysql-test/*.
    - CVE-2010-3681
  * SECURITY UPDATE: denial of service via use of EXPLAIN with certain
    queries
    - debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3682
  * SECURITY UPDATE: denial of service and incorrect error handling in
    LOAD DATA INFILE.
    - debian/patches/60_CVE-2010-3683.dpatch: check for errors in
      sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
      Add tests to mysql-test/*.
    - CVE-2010-3683
  * SECURITY UPDATE: denial of service via incorrect propagation of type
    errors.
    - debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
      errors in sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3833
  * SECURITY UPDATE: denial of service via derived table materializing.
    - debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
      sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
    - CVE-2010-3834
  * SECURITY UPDATE: denial of service via user-variable assignment
    expression.
    - debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
      Add tests to mysql-test/*.
    - CVE-2010-3835
  * SECURITY UPDATE: denial of service via pre-evaluation of LIKE
    predicates during view preparation.
    - debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
      preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3836
  * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
    WITH ROLLUP together.
    - debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
      structures in sql/item_sum.cc, sql/table.h. Add tests to
      mysql-test/*.
    - CVE-2010-3837
  * SECURITY UPDATE: denial of service via longblob and union or update
    with subquery.
    - debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
      sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3838
  * SECURITY UPDATE: denial of service via certain queries with nested
    joins.
    - debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3839
  * SECURITY UPDATE: denial of service via PolyFromWKB() function and
    improper data.
    - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
      sql/spatial.cc. Add tests to mysql-test/*.
    - CVE-2010-3840
  * debian/patches/61_disable_longfilename_test.dpatch: disable the
    partition_rename_longfilename test as it fails when building with
    sbuild and schroots.
 -- Marc Deslauriers <email address hidden>   Tue, 09 Nov 2010 13:02:13 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Lucid
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
database
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
mysql-dfsg-5.1_5.1.41.orig.tar.gz 19.0 MiB dc03e1bfd11a79f87e0fbcad53f97892e5d987425f5e5f63c960a5d1510767c1
mysql-dfsg-5.1_5.1.41-3ubuntu12.7.diff.gz 333.5 KiB 4306c7201b0edb26fd941fb771290e8bfbf1af0812027317d8d220629daaadeb
mysql-dfsg-5.1_5.1.41-3ubuntu12.7.dsc 2.5 KiB b1fb8d6f8489a5a76f3f7c907e982bc4b9ef4d91b321db20f65b875231c45a1d

View changes file

Binary packages built by this source

libmysqlclient-dev: No summary available for libmysqlclient-dev in ubuntu lucid.

No description available for libmysqlclient-dev in ubuntu lucid.

libmysqlclient16: No summary available for libmysqlclient16 in ubuntu lucid.

No description available for libmysqlclient16 in ubuntu lucid.

libmysqlclient16-dev: No summary available for libmysqlclient16-dev in ubuntu lucid.

No description available for libmysqlclient16-dev in ubuntu lucid.

libmysqld-dev: No summary available for libmysqld-dev in ubuntu lucid.

No description available for libmysqld-dev in ubuntu lucid.

libmysqld-pic: No summary available for libmysqld-pic in ubuntu lucid.

No description available for libmysqld-pic in ubuntu lucid.

mysql-client: No summary available for mysql-client in ubuntu lucid.

No description available for mysql-client in ubuntu lucid.

mysql-client-5.1: No summary available for mysql-client-5.1 in ubuntu lucid.

No description available for mysql-client-5.1 in ubuntu lucid.

mysql-client-core-5.1: No summary available for mysql-client-core-5.1 in ubuntu lucid.

No description available for mysql-client-core-5.1 in ubuntu lucid.

mysql-common: No summary available for mysql-common in ubuntu lucid.

No description available for mysql-common in ubuntu lucid.

mysql-server: No summary available for mysql-server in ubuntu lucid.

No description available for mysql-server in ubuntu lucid.

mysql-server-5.1: No summary available for mysql-server-5.1 in ubuntu lucid.

No description available for mysql-server-5.1 in ubuntu lucid.

mysql-server-core-5.1: No summary available for mysql-server-core-5.1 in ubuntu lucid.

No description available for mysql-server-core-5.1 in ubuntu lucid.

mysql-testsuite: No summary available for mysql-testsuite in ubuntu lucid.

No description available for mysql-testsuite in ubuntu lucid.