* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/97_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/97_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/98_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/99_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:01:56 -0500
This bug was fixed in the package mysql-dfsg-5.0 - 5.0.51a-3ubuntu5.5
---------------
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.5) hardy-security; urgency=low
* SECURITY UPDATE: Cross-site scripting in the command-line client
- debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in
client/mysql.cc, add test to mysql-test/*.
- CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
function
- debian/patches/97_CVE-2009-2446.dpatch: use correct format string in
sql/sql_parse.cc, add test to tests/mysql_client_test.c.
- CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
subqueries and statements that use the GeomFromWKB function
- debian/patches/97_CVE-2009-4019.dpatch: return proper errors in
sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
- CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
of the mysql_unpacked_real_data_home value
- debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in
sql/mysqld.cc.
- CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
- debian/patches/98_CVE-2009-4484.dpatch: validate lengths in
extra/yassl/taocrypt/src/asn.*.
- CVE-2009-4484
* debian/patches/99_ssl_test_certs.dpatch: update certificates in the
test suite as they are expired. The new certs expire 2015-01-28.
(LP: #323755)
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:01:56 -0500