STATUS UPDATE CVE-2007-2692 is not fixed in Debian Etch (and therefore the patch can't be used in Ubuntu releases). DSA-1413 omits part of the patch to sql/sql_db.cc and the test cases. If use the test cases from http://lists.mysql.com/commits/23650 against Etch, then it shows that Etch is still vulnerable. MDKSA-2007:243 does not address CVE-2007-2692. Investigating proper fix.
-- [mysql] multiple vulnerabilities https://bugs.launchpad.net/bugs/172260 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
