~ubuntu-branches/ubuntu/edgy/mysql-dfsg-5.0/edgy-security

Viewing all changes in revision 14.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2007-10-03 15:18:46 UTC
  • mfrom: (12.1.2 edgy-updates)
  • Revision ID: james.westby@ubuntu.com-20071003151846-vu7eka1ynfpk4xt8
  • Tags: 5.0.24a-9ubuntu2.1

* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/97_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
  res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/97_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
  DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/97_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
  overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/97_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
  sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
  password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
  check blank password. Based on work by Soren Hansen.
* References
  CVE-2007-2583
  CVE-2007-2691
  CVE-2007-3780
  CVE-2007-3782
  Launchpad #119075
