mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
existing table files in the data directory. This fix alters table creation
behaviour by disallowing the use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
- debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
data directory in DATA DIRECTORY and INDEX DIRECTORY options.
- CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
Date: Mon, 08 Feb 2010 09:00:54 -0500
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Core Developers <[email protected]>
https://launchpad.net/ubuntu/intrepid/+source/mysql-dfsg-5.0/5.0.67-0ubuntu6.1
Format: 1.8
Date: Mon, 08 Feb 2010 09:00:54 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0
mysql-server-5.0 mysql-server mysql-client
Architecture: source
Version: 5.0.67-0ubuntu6.1
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libmysqlclient15-dev - MySQL database development files
libmysqlclient15off - MySQL database client library
mysql-client - MySQL database client (metapackage depending on the latest
versio
mysql-client-5.0 - MySQL database client binaries
mysql-common - MySQL database common files
mysql-server - MySQL database server (metapackage depending on the latest
versio
mysql-server-5.0 - MySQL database server binaries
Launchpad-Bugs-Fixed: 254129 323755
Changes:
mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low
.
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
existing table files in the data directory. This fix alters table creation
behaviour by disallowing the use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
- debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
data directory in DATA DIRECTORY and INDEX DIRECTORY options.
- CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
Checksums-Sha1:
208ecaa193c47630866b35b0e6441636ace2f300 1845
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
7bf5fbeccdca02fbdbbb17344113c9e94e1578c0 336351
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Checksums-Sha256:
8652dcb953b9c42fba81ceec29aef4e5fa3cfc7207023cb3bbc04c6eeeb26419 1845
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
05e151e411cc4f0fd508876b1bde8825678e1522b757c981d773130d3eee7050 336351
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Files:
c2756cc5a230d0eeab3c766031df39c8 1845 misc optional
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc
a373771dfabdc93b4171d9478a36ea5a 336351 misc optional
mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz
Original-Maintainer: Debian MySQL Maintainers
<[email protected]>
--
Intrepid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/intrepid-changes
