Comment 7 for bug 172260

Jamie Strandboge (jdstrand) wrote :

STATUS UPDATE

CVE-2007-2692 is not fixed in Debian Etch (and therefore the patch can't be used in Ubuntu releases). DSA-1413 omits part of the patch to sql/sql_db.cc and the test cases. Using the test cases from http://lists.mysql.com/commits/23650 against Etch shows that Etch is still vulnerable. MDKSA-2007:243 does not address CVE-2007-2692. Investigating proper fix.