Name Status Last Modified Last Commit
lp:ubuntu/feisty/mysql-dfsg 1 Development 2009-09-29 02:06:28 UTC
2. * SECURITY UPDATE: Fix privilege esca...

Author: Martin Pitt
Revision Date: 2005-09-09 17:52:31 UTC

* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675

lp:ubuntu/edgy/mysql-dfsg 1 Development 2009-09-29 02:05:49 UTC
2. * SECURITY UPDATE: Fix privilege esca...

Author: Martin Pitt
Revision Date: 2005-09-09 17:52:31 UTC

* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675

lp:ubuntu/dapper/mysql-dfsg 2 Mature 2009-09-29 02:05:13 UTC
2. * SECURITY UPDATE: Fix privilege esca...

Author: Martin Pitt
Revision Date: 2005-09-09 17:52:31 UTC

* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675

lp:ubuntu/breezy/mysql-dfsg 1 Development 2009-09-29 02:04:33 UTC
2. * SECURITY UPDATE: Fix privilege esca...

Author: Martin Pitt
Revision Date: 2005-09-09 17:52:31 UTC

* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675

lp:ubuntu/hoary/mysql-dfsg 1 Development 2009-09-29 02:03:55 UTC
3. * SECURITY UPDATE: privilege escalati...

Author: Adam Conrad
Revision Date: 2005-04-06 01:14:24 UTC

* SECURITY UPDATE: privilege escalation fix (CAN-2004-0957)
* Add (and apply) debian/patches/CAN-2004-0957_db_grant_underscore.diff
  - Fix a security issue where a local user with privileges on a database
    whose name contains an underscore may, in some cases, be able to
    grant privileges to other databases with similar names.
* NOTE: This vulnerability was originally believed to have been fixed
  upstream in version 4.0.21, however that fix was incomplete.

lp:ubuntu/warty/mysql-dfsg 1 Development 2009-09-29 02:03:17 UTC
2. * security update: fixed a security f...

Author: Martin Pitt
Revision Date: 2004-09-14 11:10:56 UTC

* security update: fixed a security flaw in mysqlhotcopy which created
  temporary files in /tmp which had predictable filenames and such could be
  used for a tempfile run attack. Ported the change from version 4.0.20-11.
  (Warty bug #1198)
  References: CAN-2004-0457
* the patched mysqlhotcopy.sh from 4.0.20-11 and up breaks mysqlhotcopy.sh
  entirely (it does not even compile yet); made it work again and submitted
  patch to Debian (see http://bugs.debian.org/271632)

lp:ubuntu/breezy-security/mysql-dfsg 1 Development 2009-07-20 08:36:15 UTC
5. * Replace 53_ignore_null_characters.d...

Author: Martin Pitt
Revision Date: 2006-05-15 11:18:05 UTC

* Replace 53_ignore_null_characters.dpatch with
  53_CVE-2006-0903_logging_bypass.dpatch: Do not simply ignore NUL
  characters in comments, but modify the logging function instead to log
  everything including the NULs.
* Thanks to Sean Finney and Christian Hammers for pointing this out and for
  supplying the patch.
* Add CVE number to 4.0.21-1 changelog.

lp:ubuntu/hoary-security/mysql-dfsg 1 Development 2009-07-20 08:35:39 UTC
7. * Replace ignore_null_characters.patc...

Author: Martin Pitt
Revision Date: 2006-05-15 11:26:54 UTC

* Replace ignore_null_characters.patch with nul_logging_bypass.patch: Do not
  simply ignore NUL characters in comments, but modify the logging function
  instead to log everything including the NULs.
* Thanks to Sean Finney and Christian Hammers for pointing this out and for
  supplying the patch.
* Add CVE number to 4.0.21-1 changelog.

lp:ubuntu/warty-security/mysql-dfsg 1 Development 2009-07-20 08:34:55 UTC
4. * SECURITY UPDATE: Logging bypass. * ...

Author: Martin Pitt
Revision Date: 2006-04-27 10:37:57 UTC

* SECURITY UPDATE: Logging bypass.
* Add and apply debian/patches/ignore_null_characters.patch:
  - Filter out NUL characters from commands since they terminate command
    logging.
  - Patch ported from 5.0 branch: http://lists.mysql.com/commits/4337 (test
    suite patch skipped since the test suite looks completely different in
    4.0).
* References:
  CVE-2006-0903
  http://bugs.mysql.com/bug.php?id=17667
