lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.1
Created by
Sergei Glushchenko
and last modified
- Get this branch:
- bzr branch lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.1
Only
Sergei Glushchenko
can upload to this branch. If you are
Sergei Glushchenko
please log in for upload directions.
Branch merges
Propose for merging
- Laurynas Biveinis (community): Approve
-
Diff: 570 lines (+249/-165)8 files modifiedPercona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+15/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
Related bugs
Bug #1172090: Integrate patch from MariaDB MDEV-3915 into Percona Server | High | Fix Released |
|
Related blueprints
Branch information
- Owner:
- Sergei Glushchenko
- Status:
- Merged
Recent revisions
- 535. By Sergei Glushchenko
-
Bug1172090: Integrate patch from MariaDB MDEV-3915 into Percona Server
This fixes CVE-2012-5627, when unprivileged user account can be used to
bruteforce other users.
Original commit comments:
allow only three failed change_user per connection.
successful change_user do NOT reset the counter
report "using password: YES/NO" correctly for the COM_CHANGE_USER failures
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:percona-server/5.6