Ubuntu
mysql-dfsg-5.0 package

Branches for Edgy

Name		Status	Last Modified	Last Commit
lp:ubuntu/edgy/mysql-dfsg-5.0		1 Development	2009-08-11 13:57:48 UTC 2009-08-11	12. * Having expire_logs_days enabled but... Author: Christian Hammers Revision Date: 2006-10-03 14:55:31 UTC * Having expire_logs_days enabled but log-bin not crashes the server. Using both or none of those options is safe. To prevent this happening during the nightly log rotation via /etc/logrotate.d/mysql the initscript checks for malicious combination of options. See: #368547 * The Sarge package "mysql-server" which used to include the mysqld daemon may still be in unselected-configured state (i.e. after a remove but not purge) in which case its now obsolete cronscript has to be moved away (thanks to Charles Lepple). Closes: #385669 * Updated Danish Debconf translation (thanks to Claus Hindsgaul). Closes: #390315 * Updated Frensh Debconf translation (thanks to Christian Perrier). Closes: #390980
lp:ubuntu/edgy-proposed/mysql-dfsg-5.0		1 Development	2009-08-11 13:58:04 UTC 2009-08-11	14. * SECURITY UPDATE: buffer overflow vi... Author: Jamie Strandboge Revision Date: 2008-03-06 09:09:00 UTC * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in handshake.cpp and input_buffer& operator>> in yassl_imp.cpp * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp * debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify length of input (LP: #186978). * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements * debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream bug #21080, which was needed to keep VIEW definitions in sync. * SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table * debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure thd->lex-describe is non-NULL in sql_select.cc (LP: #161127) * debian/patches/102_view_fix-now.dpatch: update view.test and view.result to use a static year instead of now(). These tests are not part of the build but helps with qa-regression-testing * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored routines * debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access when returning from stored routine by performing privilege checks in the execution stage rather than the parsing stage. * References CVE-2008-0226 CVE-2008-0227 CVE-2007-6303 CVE-2006-7232 CVE-2007-2692 http://bugs.mysql.com/bug.php?id=27337 http://bugs.mysql.com/bug.php?id=21080
lp:ubuntu/edgy-security/mysql-dfsg-5.0		1 Development	2009-08-11 13:57:54 UTC 2009-08-11	16. no change build for -security upload Author: Jamie Strandboge Revision Date: 2008-03-19 15:15:59 UTC no change build for -security upload
lp:ubuntu/edgy-updates/mysql-dfsg-5.0		1 Development	2009-08-11 13:58:13 UTC 2009-08-11	16. no change build for -security upload Author: Jamie Strandboge Revision Date: 2008-03-19 15:15:59 UTC no change build for -security upload