mysql-dfsg-5.0 5.0.67-0ubuntu6.1 source package in Ubuntu
Changelog
mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
existing table files in the data directory. This fix alters table creation
behaviour by disallowing the use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
- debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
data directory in DATA DIRECTORY and INDEX DIRECTORY options.
- CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:00:54 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Intrepid
- Original maintainer:
- Ubuntu Development Team
- Architectures:
- any
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| mysql-dfsg-5.0_5.0.67.orig.tar.gz | 17.3 MiB | ba6d44de885af088f08abd6e8aa124db36474480a3cd2c5505e8f0acaefd2274 |
| mysql-dfsg-5.0_5.0.67-0ubuntu6.1.diff.gz | 328.5 KiB | 05e151e411cc4f0fd508876b1bde8825678e1522b757c981d773130d3eee7050 |
| mysql-dfsg-5.0_5.0.67-0ubuntu6.1.dsc | 1.8 KiB | 8652dcb953b9c42fba81ceec29aef4e5fa3cfc7207023cb3bbc04c6eeeb26419 |
Available diffs
Binary packages built by this source
- libmysqlclient15-dev: No summary available for libmysqlclient15-dev in ubuntu intrepid.
No description available for libmysqlclient1
5-dev in ubuntu intrepid.
- libmysqlclient15off: No summary available for libmysqlclient15off in ubuntu intrepid.
No description available for libmysqlclient15off in ubuntu intrepid.
- mysql-client: No summary available for mysql-client in ubuntu intrepid.
No description available for mysql-client in ubuntu intrepid.
- mysql-client-5.0: No summary available for mysql-client-5.0 in ubuntu intrepid.
No description available for mysql-client-5.0 in ubuntu intrepid.
- mysql-common: No summary available for mysql-common in ubuntu intrepid.
No description available for mysql-common in ubuntu intrepid.
- mysql-server: No summary available for mysql-server in ubuntu intrepid.
No description available for mysql-server in ubuntu intrepid.
- mysql-server-5.0: No summary available for mysql-server-5.0 in ubuntu intrepid.
No description available for mysql-server-5.0 in ubuntu intrepid.
