on kubuntu/edgy, digikam 0.9.1 I had this bug introduced by the following mysql patch, but the workaround as described in #12 ( give write perms to all ) solved it for me. everything still on nfs.
* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/91_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/91_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/91_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/91_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
check for blank password. Based on work by Soren Hansen.
* References
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
Launchpad #119075
on kubuntu/edgy, digikam 0.9.1 I had this bug introduced by the following mysql patch, but the workaround as described in #12 ( give write perms to all ) solved it for me. everything still on nfs.
mysql-dfsg-5.0 (5.0.38-0ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: denial of service via crafted IF clause patches/ 91_CVE- 2007-2583. dpatch: fix sql/item_cmpfunc.cc to verify patches/ 91_CVE- 2007-2691. dpatch: fix sql/sql_parse.cc to make sure patches/ 91_CVE- 2007-3780. dpatch: fix sql/sql_parse.cc to not patches/ 91_CVE- 2007-3782. dpatch: fix sql/sql_prepare.cc and sql_update. cc to properly verify access privileges to external tables mysql-server- 5.0.mysql. init: supply 'reset-password' and
* debian/
res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/
DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/
overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/
sql/
* SECURITY UPDATE: warn on startup if root mysql account has a blank
password. debian/
check for blank password. Based on work by Soren Hansen.
* References
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
Launchpad #119075
-- Jamie Strandboge <email address hidden> Wed, 3 Oct 2007 13:32:38 -0400