Ubuntu
mysql-dfsg-5.0 package

MySQL in Hardy is vulnerable to CVE-2009-4028

Bug #670898 reported by Nick White
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-dfsg-5.0 (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

CVE-2009-4028 is not fixed in mysql-server-5 5.0.51a-3ubuntu5.7 in Hardy.

The fix is at http://lists.mysql.com/commits/87446

I manually checked the source of the hardy package, after applying patches, and confirmed that it's still vulnerable.

CVE References

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. Because mysql is compiled with yaSSL in Ubuntu, this is a non-issue. Please see http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4028.html for details.

visibility: private → public
Changed in mysql-dfsg-5.0 (Ubuntu):
status: New → Won't Fix
Revision history for this message
Nick White (r-launchpad-njw-me-uk) wrote :

Ah, OK, thanks. Sorry for the noise.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.