OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 29-Jan-2003 14:34:33
Branch: HEAD Handle: 2003012913343200
Modified files:
openpkg-web/security OpenPKG-SA-2003.008-mysql.txt
Log:
final polishing and signing
Summary:
Revision Changes Path
1.2 +16 -5 openpkg-web/security/OpenPKG-SA-2003.008-mysql.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.008-mysql.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.008-mysql.txt
--- openpkg-web/security/OpenPKG-SA-2003.008-mysql.txt 29 Jan 2003 12:01:18
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2003.008-mysql.txt 29 Jan 2003 13:34:32
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
@@ -18,11 +21,12 @@
Affected Releases: Dependent Packages: none
Description:
- Vincent Danen of MandrakeSoft noticed that according to the change log
- [0] for MySQL release 3.23.55 [1] a vulnerbility has been fixed where
- a double free pointer bug in mysql_change_user() handling enabled a
- specially hacked version of MySQL client to crash mysqld. He
- extracted the fix for use in previous releases.
+ Vincent Danen of Mandrake Linux noticed that according to the change
+ log [0] for MySQL release 3.23.55 [1] a vulnerbility has been fixed
+ where a double-free pointer bug in mysql_change_user() handling
+ enabled a specially hacked version of MySQL client to crash mysqld.
+ The vendor states that one needs to successfully login to the server
+ by using a valid user account to be able to exploit this bug.
Please check whether you are affected by running "<prefix>/bin/rpm -q
mysql". If you have the "mysql" package installed and its version is
@@ -70,3 +74,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+N9gEgHWT4GPEy58RAqygAJ99b9BRMrnG8b5/RermS5QQz08tkQCeLq3s
+e3UDxVtK5aGXWeiQvXIHVOM=
+=egoK
+-----END PGP SIGNATURE-----
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
