mysql-dfsg-5.0 5.0.22-0ubuntu6.06.8 source package in Ubuntu
Changelog
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.8) dapper-security; urgency=low
* no change build for -security upload
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.7) dapper-proposed; urgency=low
* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
length of input (LP: #186978). Note that while this patch is included,
mysql on Ubuntu 6.06 is not compiled with yassl enabled.
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
DEFINER VIEW and ALTER VIEW statements
* debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream
bug #21080, which was needed to keep VIEW definitions in sync.
* SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the
INFORMATION_SCHEMA table
* debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
* debian/patches/102_view_fix-now.dpatch: update view.test and view.result to
use a static year instead of now(). These tests are not part of the build
but helps with qa-regression-testing
* SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
routines
* debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
when returning from stored routine by performing privilege checks in the
execution stage rather than the parsing stage. This patch also fixes
upstream bug #18681, which was needed to properly check view security.
* References
CVE-2008-0226
CVE-2008-0227
CVE-2007-6303
CVE-2006-7232
CVE-2007-2692
http://bugs.mysql.com/bug.php?id=27337
http://bugs.mysql.com/bug.php?id=18681
http://bugs.mysql.com/bug.php?id=21080
-- Jamie Strandboge <email address hidden> Wed, 19 Mar 2008 15:15:01 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Dapper
- Original maintainer:
- Christian Hammers
- Architectures:
- any
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| mysql-dfsg-5.0_5.0.22.orig.tar.gz | 17.6 MiB | b1aa489bb44621a6b6209884a5afb3b4a92431219ca7282636f93c3e53ba2785 |
| mysql-dfsg-5.0_5.0.22-0ubuntu6.06.8.diff.gz | 150.4 KiB | f28119c0e0df01ec3b10ccd1d464b7fbcd3da45427c25d75d66855e32194678b |
| mysql-dfsg-5.0_5.0.22-0ubuntu6.06.8.dsc | 1.1 KiB | a40debe5983c114d0019055b2605f4c4a36cfeb2a2c581261396be6210c7e219 |
Binary packages built by this source
- libmysqlclient15-dev: No summary available for libmysqlclient15-dev in ubuntu dapper.
No description available for libmysqlclient1
5-dev in ubuntu dapper.
- libmysqlclient15off: No summary available for libmysqlclient15off in ubuntu dapper.
No description available for libmysqlclient15off in ubuntu dapper.
- mysql-client: No summary available for mysql-client in ubuntu dapper.
No description available for mysql-client in ubuntu dapper.
- mysql-client-5.0: No summary available for mysql-client-5.0 in ubuntu dapper.
No description available for mysql-client-5.0 in ubuntu dapper.
- mysql-common: No summary available for mysql-common in ubuntu dapper.
No description available for mysql-common in ubuntu dapper.
- mysql-server: No summary available for mysql-server in ubuntu dapper.
No description available for mysql-server in ubuntu dapper.
- mysql-server-5.0: No summary available for mysql-server-5.0 in ubuntu dapper.
No description available for mysql-server-5.0 in ubuntu dapper.
