Csongor, Michael:

>> Maybe they're taking the MS route.

> I second this. These vulnerabilities are serious, they must be given
> more attention. Apache, PHP, RedHat and so on and so on are very careful
> with issues like this, all vulnerabilities/exploits are immediately
> published through all possible channels.

Have a look at the website of the person who uncovered the security flaw:

<cite>
Vendor Response
03. December 2002 Vendor was contacted by email.
04. December 2002 Vendor informs me that bugs are fixed and that they started building new packages.
12. December 2002 Vendor has released MySQL 3.23.54 which fixes these vulnerabilities.
</cite>

Doesn't look like the "MS way" to me. See for yourselves:

http://security.e-matters.de/advisories/042002.html

Regards,
--
Stefan Hinz <[EMAIL PROTECTED]>
CEO / Geschäftsleitung iConnect GmbH <http://iConnect.de>
Heesestr. 6, 12169 Berlin (Germany)
Telefon: +49 30 7970948-0
Fax: +49 30 7970948-3

----- Original Message -----
From: "Csongor Fagyal" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 18, 2002 11:33 AM
Subject: Re: MySQL security flaws uncovered

> Michael She wrote:
>
> > It's bad for business : )
> >
> > Maybe they're taking the MS route.
>
> I second this. These vulnerabilities are serious, they must be given
> more attention. Apache, PHP, RedHat and so on and so on are very careful
> with issues like this, all vulnerabilities/exploits are immediately
> published through all possible channels. Yes, it is always a pain to
> find out something like this, obviously the MySQL team just would like
> to forget this once and for all, but doing troublesome
> reinstalls/upgrades and so on is still better than getting our system
> hacked.
>
> - Cs.
>
> > At 12:19 AM 12/18/2002 -0500, Michael Bacarella wrote:
> >
> >> A good question posted to another list..
> >>
> >> ---- forwarded message follows ----
> >>
> >> > Several vulnerabilities have been found in the MySQL database system, a
> >> > light database package commonly used in Linux environments but which runs
> >> > also on Microsoft platforms, HP-Unix, Mac OS and more.
> >> > http://zdnet.com.com/2100-1104-977958.html
> >>
> >> So why no mention on the MySQL.COM site? That rather bugs me. In contrast,
> >> sites for products like Apache or Bind are very clear about current/past
> >> security issues.
> >>
> >> Is MySQL.COM the wrong place?