- Committer: Bazaar Package Importer
- Author(s): Jamie Strandboge
- Date: 2007-10-03 15:18:46 UTC
- mfrom: (12.1.2 edgy-updates)
- Revision ID: james.westby@ubuntu.com-20071003151846-vu7eka1ynfpk4xt8
- Tags: 5.0.24a-9ubuntu2.1

* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/97_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
  res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/97_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
  DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/97_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
  overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/97_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
  sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
  password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
  check blank password. Based on work by Soren Hansen.
* References
  CVE-2007-2583
  CVE-2007-2691
  CVE-2007-3780
  CVE-2007-3782
  Launchpad #119075