Bug#455737: [debian-mysql] Bug#455737: more CVEs
Am Dienstag, den 11.12.2007, 20:08 +0100 schrieb Steffen Joeris: CVE-2007-5968: This CVE was rejected, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968 Norbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#455737: [debian-mysql] Bug#455737: Bug#455737: more CVEs
Am Mittwoch, den 12.12.2007, 10:08 +0100 schrieb Norbert Tretkowski: Am Dienstag, den 11.12.2007, 20:08 +0100 schrieb Steffen Joeris: CVE-2007-5968: This CVE was rejected, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968 It's still an issue, but doesn't affect 5.0.x. Norbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#455737: [debian-mysql] Bug#455737: Bug#455737: more CVEs
Hi, * Norbert Tretkowski [EMAIL PROTECTED] [2007-12-12 13:49]: Am Mittwoch, den 12.12.2007, 10:08 +0100 schrieb Norbert Tretkowski: Am Dienstag, den 11.12.2007, 20:08 +0100 schrieb Steffen Joeris: CVE-2007-5968: This CVE was rejected, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968 It's still an issue, but doesn't affect 5.0.x. Thanks, we automatically get this status too in our CVE list by the daily update. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpLE1Lx6VqPn.pgp Description: PGP signature
Bug#455737: more CVEs
Hi There are two more CVEs[0][1] against mysql-dfsg-5.0. CVE-2007-5968: MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via unspecified use of the BINLOG statement in conjunction with the binlog filename, which is interpreted as an absolute path by some components of the product, and as a relative path by other components. Patch: http://lists.mysql.com/commits/37098 CVE-2007-6303: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. Patch: http://bugs.mysql.com/bug.php?id=29908 Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968 [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303 signature.asc Description: This is a digitally signed message part.
Bug#455737: more CVEs
Hi Patch: http://lists.mysql.com/commits/37098 Patch: http://bugs.mysql.com/bug.php?id=29908 Please rather check the full bugreports, instead of the individual commit messages, because there was more. For references: http://bugs.mysql.com/bug.php?id=28597 http://bugs.mysql.com/bug.php?id=29908 [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968 [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303 Cheers Steffen signature.asc Description: This is a digitally signed message part.