-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-06-06 23:45:00 UTC
-
Revision ID:
james.westby@ubuntu.com-20100606234500-lej0f8j15dt1aj7g
Tags: 5.0.22-0ubuntu6.06.14
* SECURITY UPDATE: privilege check bypass via crafted table name argument
to COM_FIELD_LIST
- debian/patches/111_CVE-2010-1848.dpatch: check table name in
sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
- CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
- debian/patches/110_CVE-2010-1849.dpatch: handle big packets in
sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
- CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
argument to COM_FIELD_LIST
- debian/patches/109_CVE-2010-1850.dpatch: check table name length in
sql/sql_parse.cc.
- CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
- debian/patches/112_CVE-2010-1626.dpatch: check for symlinks in
myisam/mi_delete_table.c.
- CVE-2010-1626