Package: mysql-server-4.1 Version: 4.1.11a-4sarge5 Severity: grave Tags: security patch
Hello MySQL today announced a new upstream version for mysql-server-4.1 that fixes a security problem: Security fix: If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine. http://bugs.mysql.com/bug.php?id=15195 The bug affects 3.23 woody 4.0 sarge 4.1 sarge 5.0 unstable although in 3.23 and 4.0 it's even more unlikely as merge tables couldn't even span databases i.e. table based rights would have to be revoked. Does this justify a DSA? If so, can you register a CVE id? bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
