Ubuntu
mysql-dfsg-5.0 package

Bug #323755
Comment #10

Comment 10 for bug 323755

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-02-10:

#10

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.67-0ubuntu6.1

---------------
mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low

  * SECURITY UPDATE: privilege circumvention via the creation of MyISAM
    tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
    existing table files in the data directory. This fix alters table creation
    behaviour by disallowing the use of the MySQL data directory in DATA
    DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
    - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
      data directory in DATA DIRECTORY and INDEX DIRECTORY options.
    - CVE-2008-4098
  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/94_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.
    (LP: #323755)
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:00:54 -0500

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.67-0ubuntu6.1

---------------
mysql-dfsg-5.0 (5.0.67-0ubuntu6.1) intrepid-security; urgency=low

* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
    tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
    existing table files in the data directory. This fix alters table creation
    behaviour by disallowing the use of the MySQL data directory in DATA
    DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
    - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
      data directory in DATA DIRECTORY and INDEX DIRECTORY options.
    - CVE-2008-4098
  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/94_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.
    (LP: #323755)
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>   Mon, 08 Feb 2010 09:00:54 -0500

Ubuntumysql-dfsg-5.0 package

Comment 10 for bug 323755

Ubuntu
mysql-dfsg-5.0 package