Re: Re: MySQL Local Crash Vulnerability

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Re: MySQL Local Crash Vulnerability
From: Zachary Schneider <zachary.schneider@RACKSPACE.COM>
Date: Wed, 18 Apr 2012 22:13:40 +0000
Message-id: <[🔎] 72861F4D-0C7A-46CB-8F4E-892E11CC08B0@RACKSPACE.COM>

>> On 04/18/2012 11:09 PM, Zachary Schneider wrote:
>> Reference:
>>  
>> http://www.h-online.com/open/news/item/Oracle-accidentally-release-MySQL-DoS-proof-of-concept-1526146.html
>>  
>> Create crash with:
>> 
>> http://bazaar.launchpad.net/~mysql/mysql-server/5.1/view/head:/mysql-test/suite/innodb/t/innodb_bug13510739.test?sort=filename
>> 
>> But I guess not. Of course Oracle isn't terribly helpful on the exact fix for the problem...

> Isn't this the fix? (judging by the commit that added that test file)
> 
> 
> https://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.8.4
> https://bazaar.launchpad.net/~mysql/mysql-server/5.1/diff/3560.8.4

Looks like it. Patched and tested, no longer a crash. Also it does look to be tracked, need to get better at searching the debian security site:

http://security-tracker.debian.org/tracker/CVE-2012-2102

Thanks!
-z-

Reply to:

Prev by Date: Re: MySQL Local Crash Vulnerability
Next by Date: CVE-2011-1521 - python update for squeeze?
Previous by thread: Re: MySQL Local Crash Vulnerability
Next by thread: CVE-2011-1521 - python update for squeeze?
Index(es):
- Date
- Thread