lp:ubuntu/edgy-updates/mysql-dfsg-5.0
- Get this branch:
- bzr branch lp:ubuntu/edgy-updates/mysql-dfsg-5.0
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 15. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
using InnoDB
* debian/patches/98_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/98_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
federated engine
* debian/patches/98_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
statements
* debian/patches/98_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* debian/control: Build-Depends on bison
* References
CVE-2007-5925
CVE-2007-5969
CVE-2007-6304
CVE-2007-3781
LP #172260
- 14. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/97_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/97_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/97_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/97_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
check blank password. Based on work by Soren Hansen.
* References
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
Launchpad #119075
- 13. By Kees Cook
-
* SECURITY UPDATE: denial of service via subselects.
* debian/patches/46_CVE-2007-1420_subselect_dos.dpatch: backported from
Debian upstream.
* debian/rules: disabled debconf-updatepo for security update.
* References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414790
CVE-2007-1420
- 12. By Christian Hammers
-
* Having expire_logs_days enabled but log-bin not crashes the server. Using
both or none of those options is safe. To prevent this happening during the
nightly log rotation via /etc/logrotate.d/mysql the initscript checks for
malicious combination of options. See: #368547
* The Sarge package "mysql-server" which used to include the mysqld daemon
may still be in unselected-configured state (i.e. after a remove but not
purge) in which case its now obsolete cronscript has to be moved away
(thanks to Charles Lepple). Closes: #385669
* Updated Danish Debconf translation (thanks to Claus Hindsgaul).
Closes: #390315
* Updated French Debconf translation (thanks to Christian Perrier).
Closes: #390980
- 11. By Martin Pitt
-
* Merge from debian unstable.
* Remaining Ubuntu changes:
- debian/additions/debian-start{,.inc.sh}: Redirect postinst stdout to
logger to not disturb debconf.
- 10. By Adam Conrad
-
* Redirect mysql_upgrade output to syslog, instead of littering the
console, which appears to royally mess up debconf when I'm unlucky.
* Merge with Debian's pending 5.0.21-4 release to get new debconf
translations and the BLOCKSIZE fix for the free disk space check.
- 9. By Christian Hammers
-
Fixed FTBFS problem which was caused by a patch that modifies Makefile.am
as well as Makefile.in and was not detected because my desktop was fast
enough to patch both files within the same second and so fooled automake.
(thanks to Blars Blarson for notifying me). Closes: #366534
- 8. By Christian Hammers
-
Fixed bug in postinst that did not correctly rewrite
/etc/mysql/debian.cnf (thanks to Daniel Leidert).
Closes: #365433, #366155
- 7. By Adam Conrad
-
[ Christian Hammers ]
* Fixed libmysqlclient15.README.Debian regarding package name changes
(thanks to Leppo).
* Moved libheap.a etc. back to /usr/lib/mysql/ as their names are just
too generic. Closes: #353924
[ Sean Finney ]
* updated danish debconf translation, thanks to Claus Hindsgaul
(closes: #357424).
[ Adam Conrad ]
* Send stderr from 'find' in preinst to /dev/null to tidy up chatter.
* Backport patch for CVE-2006-0903 from the upcoming release to resolve
a log bypass vulnerability when using non-binary logs (closes: #359701)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/mysql-dfsg-5.0