Accepted mysql 3.23.49-8.10 (arm all source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Mar 2005 01:34:24 +0100
Source: mysql
Binary: mysql-common libmysqlclient10 mysql-server mysql-client libmysqlclient10-dev
Architecture: source arm all
Version: 3.23.49-8.10
Distribution: stable-security
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description:
libmysqlclient10 - mysql database client library
libmysqlclient10-dev - mysql database development files
mysql-client - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server binaries
Closes: 285276 296674 300158
Changes:
mysql (3.23.49-8.10) stable-security; urgency=low
.
* Maintainer prepared version, uploaded by the Security Team.
* Applied patch for a bug that wrongly interpreted '_' in
conjunction with the GRANT PRIVILEGES command as wildcard instead as
literal character giving an unprivileged mysql user the possibility
to grant himself rights on tables he has no privileges on.
[CAN-2004-0957, http://bugs.mysql.com/3933]
(Thanks to Sean Finney for creating the patch from the RedHat backporting
and the MySQL bitkeeper changeset). Closes: #285276, #296674
* Stefano Di Paola found the following vulnerabilities:
- Remote authenticated users with INSERT and DELETE privileges could
execute arbitrary code by using CREATE FUNCTION to access libc calls,
as demonstrated byusing strcat, on_exit, and exit. [CAN-2005-0709]
- Remote authenticated users with INSERT and DELETE privileges could
bypass library path restrictions and execute arbitrary libraries by
using INSERT INTO to modify the mysql.func table, which is processed
by the udf_init function. [CAN-2005-0710]
- Predictable file names were used when creating temporary tables, which
allowed local users with CREATE TEMPORARY TABLE privileges to overwrite
arbitrary files via a symlink attack. [CAN-2005-0711]
Closes: #300158
Files:
b828baffc0cf2db7ccefd2e6808b9142 877 misc optional mysql_3.23.49-8.10.dsc
0943aefc59bf43450a42f111456e5804 84286 misc optional mysql_3.23.49-8.10.diff.gz
2440c1f548700ec24f2d8126a5846013 17984 misc optional mysql-common_3.23.49-8.10_all.deb
2e4c00a1e73b331849c41f94cbb12f1b 239754 libs optional libmysqlclient10_3.23.49-8.10_arm.deb
77c50cdc18e6af6adb563b5a91342037 636314 devel optional libmysqlclient10-dev_3.23.49-8.10_arm.deb
6989effe42b089365ee493cf0d429554 125034 misc optional mysql-client_3.23.49-8.10_arm.deb
e2ffc920591b0f4705e4fdb3b57e890e 2808222 misc optional mysql-server_3.23.49-8.10_arm.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCTZ3jW5ql+IAeqTIRAqmuAKCtlbLO+26UXpiHnWhWx7rw+9xjqACfTS+O
F8xy9ygYCKHV5JgOdQPAELA=
=QZdp
-----END PGP SIGNATURE-----
Accepted:
libmysqlclient10-dev_3.23.49-8.10_arm.deb
to pool/main/m/mysql/libmysqlclient10-dev_3.23.49-8.10_arm.deb
libmysqlclient10_3.23.49-8.10_arm.deb
to pool/main/m/mysql/libmysqlclient10_3.23.49-8.10_arm.deb
mysql-client_3.23.49-8.10_arm.deb
to pool/main/m/mysql/mysql-client_3.23.49-8.10_arm.deb
mysql-common_3.23.49-8.10_all.deb
to pool/main/m/mysql/mysql-common_3.23.49-8.10_all.deb
mysql-server_3.23.49-8.10_arm.deb
to pool/main/m/mysql/mysql-server_3.23.49-8.10_arm.deb
mysql_3.23.49-8.10.diff.gz
to pool/main/m/mysql/mysql_3.23.49-8.10.diff.gz
mysql_3.23.49-8.10.dsc
to pool/main/m/mysql/mysql_3.23.49-8.10.dsc
--
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org