Your message dated Wed, 12 Dec 2007 22:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#455737: fixed in mysql-dfsg-5.0 5.0.45-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mysql-dfsg-5.0
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against mysql-dfsg-5.0.

CVE-2007-6304:

The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23,
and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS
query, does not properly handle a response with a small number of
columns, which allows remote MySQL servers to cause a denial of service
(federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.

Prepared patch can be found here[1].

Cheers
Steffen

[0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6304

[1]: http://klecker.debian.org/~white/mysql/CVE-2007-6304.patch



--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.45-5

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:

libmysqlclient15-dev_5.0.45-5_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-5_i386.deb
libmysqlclient15off_5.0.45-5_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-5_i386.deb
mysql-client-5.0_5.0.45-5_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-5_i386.deb
mysql-client_5.0.45-5_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.45-5_all.deb
mysql-common_5.0.45-5_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.45-5_all.deb
mysql-dfsg-5.0_5.0.45-5.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-5.diff.gz
mysql-dfsg-5.0_5.0.45-5.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-5.dsc
mysql-server-5.0_5.0.45-5_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-5_i386.deb
mysql-server_5.0.45-5_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.45-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-5.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 12 Dec 2007 20:23:43 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source all i386
Version: 5.0.45-5
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <[EMAIL PROTECTED]>
Changed-By: Norbert Tretkowski <[EMAIL PROTECTED]>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (meta package depending on the latest versi
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (meta package depending on the latest versi
 mysql-server-5.0 - MySQL database server binaries
Closes: 455737
Changes: 
 mysql-dfsg-5.0 (5.0.45-5) unstable; urgency=high
 .
   * SECURITY:
     Fix for CVE-2007-6303: ALTER VIEW retained the original DEFINER value,
     even when altered by another user, which could allow that user to gain the
     access rights of the view. Now ALTER VIEW is allowed only to the original
     definer or users with the SUPER privilege. (closes: #455737)
   * SECURITY:
     Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
     be forced to crash if the remote server returns a result with fewer columns
     than expected.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHYF7Fr/RnCw96jQERAgZRAKCPKbUFmON2qhRA0TZ7sGl6pp2THQCgqAV2
4VMTH0aTEgKn/LSmm3nvtdQ=
=/H1I
-----END PGP SIGNATURE-----



--- End Message ---
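
The CVE-2007-6304 description and the changelog entry above both describe a handler that indexes into a remote server's reply without first checking how many columns it contains. The following C sketch is an added example, not MySQL's code and not the Debian patch: it shows the defensive pattern of validating the column count and the field contents before use. The struct and function names, the column positions and the sample row are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model of one result row as received from the remote server. */
struct remote_row {
    size_t nfields;        /* number of columns the remote side actually sent */
    const char **fields;   /* nfields entries; a NULL entry means SQL NULL */
};
struct table_stats { unsigned long long rows, data_length; };

/* Assumed column positions and minimum width, chosen for this example. */
enum { COL_ROWS = 4, COL_DATA_LENGTH = 6, MIN_STATUS_COLUMNS = 7 };

/* Strict decimal parse: rejects signs, whitespace, trailing junk, overflow. */
static int parse_u64(const char *s, unsigned long long *out)
{
    char *end;
    unsigned long long v;
    if (s == NULL) { *out = 0; return 0; }      /* SQL NULL is read as 0 */
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1;
    *out = v;
    return 0;
}

/* Returns 0 and fills *st, or -1 (leaving *st untouched) on rejection.
 * Without the nfields test, fields[COL_ROWS] on a short row reads past the array. */
int read_remote_status(const struct remote_row *row, struct table_stats *st)
{
    struct table_stats tmp;
    if (row == NULL || row->fields == NULL || st == NULL) return -1;
    if (row->nfields < MIN_STATUS_COLUMNS) return -1;  /* short reply: reject */
    if (parse_u64(row->fields[COL_ROWS], &tmp.rows) != 0 ||
        parse_u64(row->fields[COL_DATA_LENGTH], &tmp.data_length) != 0)
        return -1;
    *st = tmp;
    return 0;
}

/* Constructed sample row (not captured traffic), presented with ncols columns. */
int demo_status(size_t ncols, struct table_stats *st)
{
    static const char *sample[] = { "t1", "MyISAM", "10", "Fixed", "42", "7", "294" };
    struct remote_row row = { ncols > 7 ? 7 : ncols, sample };
    return read_remote_status(&row, st);
}
```

The remote peer is treated as untrusted input: a reply that is too narrow or carries a non-numeric counter yields an error return instead of an out-of-bounds read in the local server.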
