Comment 11 for bug 323755

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.51a-3ubuntu5.5

---------------
mysql-dfsg-5.0 (5.0.51a-3ubuntu5.5) hardy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/97_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/97_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/97_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/97_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/98_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/99_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.
    (LP: #323755)
 -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2010 09:01:56 -0500