-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 18 Dec 2002, Csongor Fagyal wrote:
> Michael She wrote: > > > It's bad for business : ) > > Maybe they're taking the MS route. > > I second this. These vulnerabilities are serious, they must be given > more attention. Apache, PHP, RedHat and so on and so on are very careful > with issues like this, all vulnerabilities/exploits are immediately > published through all possible channels. Yes, it is always a pain to > find out something like this, obviously the MySQL team just would like > to forget this once and for all, but doing troublesome > reinstalls/upgrades and so on is still better then getting our system > hacked. No, this is definately not the case. As I've written in a separate message, we immediately reacted and released 3.23.54 to resolve this issue. The security problem was clearly mentioned in the release announcement that was posted to our announce mailing list: http://lists.mysql.com/cgi-ez/ezmlm-cgi?2:mss:144:200212:cedhfgmdkobfodelamkh But I fully agree - in this case the release announcement should have been put up on the web site as well. This was an error on our side and it will not happen again. We will send out another (more public) announcement later today, which will also be put up on the web pages. Bye, LenZ - -- For technical support contracts, visit https://order.mysql.com/?ref=mlgr __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany <___/ www.mysql.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+AG9dSVDhKrJykfIRAnvDAJ9gmSFlvz5s5Uj+KJryW/xRjUeOiwCfUXsr SQosoQaAyX/msQye8itk12k= =dPgn -----END PGP SIGNATURE----- --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php