Serious regression in replication caused by fix for CVE-2012-4414
Bug #1154675 reported by
Clint Byrum
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MySQL Server |
Unknown
|
Unknown
|
|||
| mysql-5.5 (Debian) |
Fix Released
|
Unknown
|
|||
| mysql-5.5 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
According to this blog post by Stewart Smith:
It looks like 5.5.29 has a serious problem with replication. This basically leaves CVE-2012-4414 only half-fixed.
CVE References
Revision history for this message
| Clint Byrum (clint-fewbar) wrote | #1 |
Revision history for this message
| Serge Hallyn (serge-hallyn) wrote confirmed | #2 |
| Changed in mysql-5.5 (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Confirmed |
| Changed in mysql-5.5 (Debian): | |
| status: | Unknown → Fix Committed |
| Changed in mysql-5.5 (Debian): | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Clint Byrum (clint-fewbar) wrote | #3 |
Revision history for this message
| Morgan Tocker (morgo) wrote | #4 |
Revision history for this message
| Robie Basak (racb) wrote | #5 |
| Changed in mysql-5.5 (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
There is a known working patch that has been applied in Percona Server and MariaDB, including regression tests. I have tested this patch in Debian and it seems to work.
The patch is available in the Debian packaging svn mirror. It is for 5.5.30.. but can be fixed fairly easily for 5.5.29 (just the extra comments in the mdev test's results have to be removed)
http://