Bug#319526: MySQL security bug in sarge (CAN-2005-1636)
> hey folks,
>
> On Tue, Aug 23, 2005 at 06:23:04PM +0200, Martin Schulze wrote:
> > Which package in unstable will fix this problem? Or is it not present in that distribution?
>
> i believe that the problem has been fixed since 4.1.12 for the sid-4.1 series, and that the latest version of 5.0 already contains the fix. i have no idea about the status of sarge-4.0, and afaik sid-4.0 is supposed to disappear in the near future if it hasn't already.

(from holidays) yes, sid-4.0, providing libmysqlclient12, is supposed to be removed as soon as there are no applications left that link against that libmysqlclient version. this sadly can take some time as RM asked to postpone the transition after gcc is done...

-christian-

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)
Martin Schulze wrote:
> Christian Hammers wrote:
> > Hello Security Team
> >
> > Are you aware of this bug? The interdiff patch are already in the BTS.
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526
> >
> > Applied the upstream patch that fixes a tempfile vulnerability in the mysqld_install_db script that was found by Eric Romang and allows an attacker to execute arbitrary SQL commands when the server is installed or updated. The issue is known as CAN-2005-1636, the patch was made by comparing this version against the one from 4.1.12.
>
> Thanks a lot for the update! I'll build packages, but will strip off the po file updates.

Which package in unstable will fix this problem? Or is it not present in that distribution?

Regards,

Joey

--
MIME - broken solution for a broken design. -- Ralf Baechle

Please always Cc to me when replying to me on the lists.

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)
hey folks,

On Tue, Aug 23, 2005 at 06:23:04PM +0200, Martin Schulze wrote:
> Which package in unstable will fix this problem? Or is it not present in that distribution?

i believe that the problem has been fixed since 4.1.12 for the sid-4.1 series, and that the latest version of 5.0 already contains the fix. i have no idea about the status of sarge-4.0, and afaik sid-4.0 is supposed to disappear in the near future if it hasn't already.

sean

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)
Christian Hammers wrote:
> Hello Security Team
>
> Are you aware of this bug? The interdiff patch are already in the BTS.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526
>
> Applied the upstream patch that fixes a tempfile vulnerability in the mysqld_install_db script that was found by Eric Romang and allows an attacker to execute arbitrary SQL commands when the server is installed or updated. The issue is known as CAN-2005-1636, the patch was made by comparing this version against the one from 4.1.12.

Thanks a lot for the update! I'll build packages, but will strip off the po file updates.

Regards,

Joey

--
The good thing about standards is that there are so many to choose from. -- Andrew S. Tanenbaum

Please always Cc to me when replying to me on the lists.

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)
Hello Security Team

Are you aware of this bug? The interdiff patch are already in the BTS.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526

Applied the upstream patch that fixes a tempfile vulnerability in the mysqld_install_db script that was found by Eric Romang and allows an attacker to execute arbitrary SQL commands when the server is installed or updated. The issue is known as CAN-2005-1636, the patch was made by comparing this version against the one from 4.1.12.

bye,

-christian-