Format: 1.7
Date: Fri, 18 Mar 2005 01:34:24 +0100
Source: mysql
Binary: mysql-common libmysqlclient10 mysql-server mysql-client libmysqlclient10-dev
Architecture: source arm all
Version: 3.23.49-8.10
Distribution: stable-security
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description:
 libmysqlclient10 - mysql database client library
 libmysqlclient10-dev - mysql database development files
 mysql-client - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server binaries
Closes: 285276 296674 300158
Changes:
 mysql (3.23.49-8.10) stable-security; urgency=low
 .
   * Maintainer prepared version, uploaded by the Security Team.
   * Applied patch for a bug that wrongly interpreted '_' in conjunction with
     the GRANT PRIVILEGES command as a wildcard instead of as a literal
     character, giving an unprivileged mysql user the possibility to grant
     himself rights on tables he has no privileges on.
     [CAN-2004-0957, http://bugs.mysql.com/3933]
     (Thanks to Sean Finney for creating the patch from the RedHat backporting
     and the MySQL bitkeeper changeset). Closes: #285276, #296674
   * Stefano Di Paola found the following vulnerabilities:
     - Remote authenticated users with INSERT and DELETE privileges could
       execute arbitrary code by using CREATE FUNCTION to access libc calls,
       as demonstrated by using strcat, on_exit, and exit.
       [CAN-2005-0709]
     - Remote authenticated users with INSERT and DELETE privileges could
       bypass library path restrictions and execute arbitrary libraries by
       using INSERT INTO to modify the mysql.func table, which is processed
       by the udf_init function.
       [CAN-2005-0710]
     - Predictable file names were used when creating temporary tables, which
       allowed local users with CREATE TEMPORARY TABLE privileges to overwrite
       arbitrary files via a symlink attack.
       [CAN-2005-0711]
     Closes: #300158
Files:
 b828baffc0cf2db7ccefd2e6808b9142 877 misc optional mysql_3.23.49-8.10.dsc
 0943aefc59bf43450a42f111456e5804 84286 misc optional mysql_3.23.49-8.10.diff.gz
 2440c1f548700ec24f2d8126a5846013 17984 misc optional mysql-common_3.23.49-8.10_all.deb
 2e4c00a1e73b331849c41f94cbb12f1b 239754 libs optional libmysqlclient10_3.23.49-8.10_arm.deb
 77c50cdc18e6af6adb563b5a91342037 636314 devel optional libmysqlclient10-dev_3.23.49-8.10_arm.deb
 6989effe42b089365ee493cf0d429554 125034 misc optional mysql-client_3.23.49-8.10_arm.deb
 e2ffc920591b0f4705e4fdb3b57e890e 2808222 misc optional mysql-server_3.23.49-8.10_arm.deb

Accepted:
libmysqlclient10-dev_3.23.49-8.10_arm.deb
  to pool/main/m/mysql/libmysqlclient10-dev_3.23.49-8.10_arm.deb
libmysqlclient10_3.23.49-8.10_arm.deb
  to pool/main/m/mysql/libmysqlclient10_3.23.49-8.10_arm.deb
mysql-client_3.23.49-8.10_arm.deb
  to pool/main/m/mysql/mysql-client_3.23.49-8.10_arm.deb
mysql-common_3.23.49-8.10_all.deb
  to pool/main/m/mysql/mysql-common_3.23.49-8.10_all.deb
mysql-server_3.23.49-8.10_arm.deb
  to pool/main/m/mysql/mysql-server_3.23.49-8.10_arm.deb
mysql_3.23.49-8.10.diff.gz
  to pool/main/m/mysql/mysql_3.23.49-8.10.diff.gz
mysql_3.23.49-8.10.dsc
  to pool/main/m/mysql/mysql_3.23.49-8.10.dsc