Christian Hammers wrote:
> Hello Security Team
>
> Are you aware of this bug? The "interdiff" patch are already in the BTS.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526
> Applied the upstream patch that fixes a tempfile vulnerability in the
> mysqld_install_db script that was found by Eric Romang and allows an
> attacker to execute arbitrary SQL commands when the server is installed
> or updated. The issue is known as CAN-2005-1636, the patch was made by
> comparing this version against the one from 4.1.12.
Thanks a lot for the update!
I'll build packages, but will strip off the po file updates.
Regards,
Joey
--
The good thing about standards is that there are so many to choose from.
-- Andrew S. Tanenbaum
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]