- Committer: Bazaar Package Importer
- Author(s): Jamie Strandboge
- Date: 2007-12-19 11:55:51 UTC
- Revision ID: james.westby@ubuntu.com-20071219115551-7kgjd27ywx9gwilz
Tags: 5.0.24a-9ubuntu2.2
* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
using InnoDB
* debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
federated engine
* debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
statements
* debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* debian/control: Build-Depends on bison
* References
CVE-2007-5925
CVE-2007-5969
CVE-2007-6304
CVE-2007-3781
LP #172260