Ubuntu
mysql-dfsg-5.0 package

Branches for Gutsy

Name Status Last Modified Last Commit
lp:ubuntu/gutsy/mysql-dfsg-5.0 1 Development 2009-08-11 13:58:54 UTC
29. fix for mysql bug 27383 which causes ...

Author: Jamie Strandboge
Revision Date: 2007-10-02 19:28:58 UTC

fix for mysql bug 27383 which causes mysql-test 'mysql_client_test'
to fail due to gcc 4.x optimizations
lp:ubuntu/gutsy-proposed/mysql-dfsg-5.0 bug 1 Development 2009-08-11 14:00:27 UTC
31. * SECURITY UPDATE: buffer overflow vi...

Author: Jamie Strandboge
Revision Date: 2008-03-06 09:26:24 UTC

* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
  handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
  length of input (LP: #186978)
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
  DEFINER VIEW and ALTER VIEW statements
* debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
  is non-NULL in sql_view.cc (LP: #185039)
* debian/patches/97_view_fix-now.dpatch: update view.test and view.result to
  use a static year instead of now(). These tests are not part of the build
  but helps with qa-regression-testing
* References
  CVE-2008-0226
  CVE-2008-0227
  CVE-2007-6303
lp:ubuntu/gutsy-security/mysql-dfsg-5.0 bug 1 Development 2009-08-11 14:00:28 UTC
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2008-11-13 10:34:12 UTC

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
    Item_bin_string() in sql/item.cc to parse an empty bit-string literal
    as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098
* debian/rules: do not update po tree for security updates.
lp:ubuntu/gutsy-updates/mysql-dfsg-5.0 1 Development 2009-08-11 13:59:18 UTC
32. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2008-11-13 10:34:12 UTC

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
    Item_bin_string() in sql/item.cc to parse an empty bit-string literal
    as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098
* debian/rules: do not update po tree for security updates.
14 of 4 results FirstPreviousNextLast