Branches for Intrepid

Author: Chuck Short
Revision Date: 2008-09-18 09:37:56 UTC

Clean up mysql apparmor profile. (LP: #270663)

Author: Marc Deslauriers
Revision Date: 2010-02-08 09:00:54 UTC

* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
  - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
    client/mysql.cc, add test to mysql-test/*.
  - CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
  function
  - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
    sql/sql_parse.cc, add test to tests/mysql_client_test.c.
  - CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
  subqueries and statements that use the GeomFromWKB function
  - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
    sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
    null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
  - CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
  of the mysql_unpacked_real_data_home value
  - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
    sql/mysqld.cc.
  - CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
  - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
    extra/yassl/taocrypt/src/asn.*.
  - CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
  test suite as they are expired. The new certs expire 2015-01-28.
  (LP: #323755)

Author: Marc Deslauriers
Revision Date: 2010-02-08 09:00:54 UTC

* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
  - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
    client/mysql.cc, add test to mysql-test/*.
  - CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
  function
  - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
    sql/sql_parse.cc, add test to tests/mysql_client_test.c.
  - CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
  subqueries and statements that use the GeomFromWKB function
  - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
    sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
    null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
  - CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
  of the mysql_unpacked_real_data_home value
  - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
    sql/mysqld.cc.
  - CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
  - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
    extra/yassl/taocrypt/src/asn.*.
  - CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
  test suite as they are expired. The new certs expire 2015-01-28.
  (LP: #323755)

Author: Chuck Short
Revision Date: 2009-10-06 13:53:24 UTC

debian/patches/fix-dummy-thread-race-condition.dpatch: Fix dummy thread
creation (LP: #343870)