lp:ubuntu/edgy-updates/mysql-dfsg-5.0

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-updates/mysql-dfsg-5.0
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

16. By Jamie Strandboge

no change build for -security upload

15. By Jamie Strandboge

* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
  using InnoDB
* debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
  error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
  DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
  properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
  federated engine
* debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
  to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
  statements
* debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
  privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* debian/control: Build-Depends on bison
* References
  CVE-2007-5925
  CVE-2007-5969
  CVE-2007-6304
  CVE-2007-3781
  LP #172260

14. By Jamie Strandboge

* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/97_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
  res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/97_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
  DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/97_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
  overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/97_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
  sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
  password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
  check blank password. Based on work by Soren Hansen.
* References
  CVE-2007-2583
  CVE-2007-2691
  CVE-2007-3780
  CVE-2007-3782
  Launchpad #119075

13. By Kees Cook

* SECURITY UPDATE: denial of service via subselects.
* debian/patches/46_CVE-2007-1420_subselect_dos.dpatch: backported from
  Debian upstream.
* debian/rules: disabled debconf-updatepo for security update.
* References
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414790
  CVE-2007-1420

12. By Christian Hammers

* Having expire_logs_days enabled but log-bin not crashes the server. Using
  both or none of those options is safe. To prevent this happening during the
  nightly log rotation via /etc/logrotate.d/mysql the initscript checks for
  malicious combination of options. See: #368547
* The Sarge package "mysql-server" which used to include the mysqld daemon
  may still be in unselected-configured state (i.e. after a remove but not
  purge) in which case its now obsolete cronscript has to be moved away
  (thanks to Charles Lepple). Closes: #385669
* Updated Danish Debconf translation (thanks to Claus Hindsgaul).
  Closes: #390315
* Updated French Debconf translation (thanks to Christian Perrier).
  Closes: #390980

11. By Martin Pitt

* Merge from debian unstable.
* Remaining Ubuntu changes:
  - debian/additions/debian-start{,.inc.sh}: Redirect postinst stdout to
    logger to not disturb debconf.

10. By Adam Conrad

* Redirect mysql_upgrade output to syslog, instead of littering the
  console, which appears to royally mess up debconf when I'm unlucky.
* Merge with Debian's pending 5.0.21-4 release to get new debconf
  translations and the BLOCKSIZE fix for the free disk space check.

9. By Christian Hammers

Fixed FTBFS problem which was caused by a patch that modifies Makefile.am
as well as Makefile.in and was not detected because my desktop was fast
enough to patch both files within the same second and so fooled automake.
(thanks to Blars Blarson for notifying me). Closes: #366534

8. By Christian Hammers

Fixed bug in postinst that did not correctly rewrite
/etc/mysql/debian.cnf (thanks to Daniel Leidert).
Closes: #365433, #366155

7. By Adam Conrad

[ Christian Hammers ]
* Fixed libmysqlclient15.README.Debian regarding package name changes
  (thanks to Leppo).
* Moved libheap.a etc. back to /usr/lib/mysql/ as their names are just
  too generic. Closes: #353924
[ Sean Finney ]
* updated danish debconf translation, thanks to Claus Hindsgaul
  (closes: #357424).
[ Adam Conrad ]
* Send stderr from 'find' in preinst to /dev/null to tidy up chatter.
* Backport patch for CVE-2006-0903 from the upcoming release to resolve
  a log bypass vulnerability when using non-binary logs (closes: #359701)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/mysql-dfsg-5.0
This branch contains Public information. Everyone can see this information.