Viewing all changes in revision 19.
- Committer: Bazaar Package Importer
- Date: 2008-11-10 13:42:30 UTC
- mfrom: (14.1.3 dapper-proposed)
- Revision ID: james.westby@ubuntu.com-20081110134230-8horj8ukimk7jpkq
* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
- debian/patches/106_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
Item_bin_string() in sql/item.cc to parse an empty bit-string literal
as an empty string.
- CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
existing table files in the data directory. This update is a complete
fix for the three CVE numbers listed below. This fix alters table creation
behaviour by disallowing the use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
- debian/patches/107_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
data directory in DATA DIRECTORY and INDEX DIRECTORY options.
- CVE-2008-2079
- CVE-2008-4097
- CVE-2008-4098
- debian/patches/106_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
Item_bin_string() in sql/item.cc to parse an empty bit-string literal
as an empty string.
- CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
existing table files in the data directory. This update is a complete
fix for the three CVE numbers listed below. This fix alters table creation
behaviour by disallowing the use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
- debian/patches/107_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
data directory in DATA DIRECTORY and INDEX DIRECTORY options.
- CVE-2008-2079
- CVE-2008-4097
- CVE-2008-4098
expand all
collapse all
added
removed
