- Committer: Bazaar Package Importer
- Author(s): Marc Deslauriers
- Date: 2008-11-10 13:42:30 UTC
- mfrom: (14.1.3 dapper-proposed)
- Revision ID: james.westby@ubuntu.com-20081110134230-8horj8ukimk7jpkq

Tags: 5.0.22-0ubuntu6.06.11

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/106_SECURITY_CVE-2008-3963.dpatch: fix
    Item_bin_string::Item_bin_string() in sql/item.cc to parse an empty
    bit-string literal as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/107_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098