Accepted mysql-dfsg-5.0 5.0.32-7etch3~bpo31+1 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 01 Dec 2007 13:20:10 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-4.1 mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source all i386
Version: 5.0.32-7etch3~bpo31+1
Distribution: sarge-backports
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description:
libmysqlclient15-dev - mysql database development files
libmysqlclient15off - mysql database client library
mysql-client - mysql database client (meta package depending on the latest versi
mysql-client-5.0 - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server (meta package depending on the latest versi
mysql-server-4.1 - mysql database server (transitional package)
mysql-server-5.0 - mysql database server binaries
Closes: 424778 424778 426353 451235
Changes:
mysql-dfsg-5.0 (5.0.32-7etch3~bpo31+1) sarge-backports; urgency=low
.
* Rebuilt for sarge.
.
mysql-dfsg-5.0 (5.0.32-7etch3) stable-security; urgency=high
.
* SECURITY:
Fix for CVE-2007-5925: The convert_search_mode_to_innobase function in
ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
remote authenticated users to cause a denial of service (database crash)
via a certain CONTAINS operation on an indexed column, which triggers an
assertion error. (closes: #451235)
.
mysql-dfsg-5.0 (5.0.32-7etch2) stable-security; urgency=high
.
* Security release prepared for the security team by the Debian MySQL
maintainers. The patches were mostly taken from the Ubuntu project.
* CVE-2007-2583: The in_decimal::set function in item_cmpfunc.cc in MySQL
allowed context-dependent attackers to cause a denial of service (crash)
via a crafted IF clause that results in a divide-by-zero error and a NULL
pointer dereference. Closes: #426353
* CVE-2007-2691: MySQL did not require the DROP privilege for RENAME
TABLE statements, which allows remote authenticated users to rename
arbitrary tables. Closes: #424778
* CVE-2007-2692: The mysql_change_db function in MySQL did not restore
THD::db_access privileges when returning from SQL SECURITY INVOKER
stored routines, which allowed remote authenticated users to gain
privileges. Closes: #424778
* CVE-2007-3780: It was discovered that MySQL could be made to overflow
a signed char during authentication. Remote attackers could use crafted
authentication requests to cause a denial of service.
* CVE-2007-3782: Phil Anderton discovered that MySQL did not properly
verify access privileges when accessing external tables. As a result,
authenticated users could exploit this to obtain UPDATE privileges to
external tables.
Files:
f2abdceb386aa07fe1c425f0644c9278 1173 misc optional mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.dsc
1e4d4ac7e85e49b64c1eb75164cd5cae 158186 misc optional mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.diff.gz
e513ca324afb4a3df9b0b1bb10aeb437 53650 misc optional mysql-common_5.0.32-7etch3~bpo31+1_all.deb
993b62445e85e37ffa86485184727d94 47366 misc optional mysql-server_5.0.32-7etch3~bpo31+1_all.deb
2c65ac0f274d4d4fe635d2ecb604dcb0 45296 misc optional mysql-client_5.0.32-7etch3~bpo31+1_all.deb
4f13bfff6ac36e75cb194adc9218d024 1776048 libs optional libmysqlclient15off_5.0.32-7etch3~bpo31+1_i386.deb
24e58deec4f485b5a3450098ccb70ed5 6751138 libdevel optional libmysqlclient15-dev_5.0.32-7etch3~bpo31+1_i386.deb
ddab4e4ed78bab24ae167288370327e7 7089448 misc optional mysql-client-5.0_5.0.32-7etch3~bpo31+1_i386.deb
ab7e1cf35f1510622bbf41ee0e9a5d65 25127016 misc optional mysql-server-5.0_5.0.32-7etch3~bpo31+1_i386.deb
c584d19325bfd7c9c97cc62a261b50c2 47400 oldlibs extra mysql-server-4.1_5.0.32-7etch3~bpo31+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHUWeur/RnCw96jQERAsvkAJwOFBhNDk2oYk4p0RiAL/StHxzZHQCfd4g+
5d6tZ2osniJKx4csSg02jLY=
=hRgB
-----END PGP SIGNATURE-----
Accepted:
libmysqlclient15-dev_5.0.32-7etch3~bpo31+1_i386.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3~bpo31+1_i386.deb
libmysqlclient15off_5.0.32-7etch3~bpo31+1_i386.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3~bpo31+1_i386.deb
mysql-client-5.0_5.0.32-7etch3~bpo31+1_i386.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3~bpo31+1_i386.deb
mysql-client_5.0.32-7etch3~bpo31+1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch3~bpo31+1_all.deb
mysql-common_5.0.32-7etch3~bpo31+1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch3~bpo31+1_all.deb
mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.diff.gz
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.diff.gz
mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.dsc
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch3~bpo31+1.dsc
mysql-server-4.1_5.0.32-7etch3~bpo31+1_i386.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3~bpo31+1_i386.deb
mysql-server-5.0_5.0.32-7etch3~bpo31+1_i386.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3~bpo31+1_i386.deb
mysql-server_5.0.32-7etch3~bpo31+1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch3~bpo31+1_all.deb
Reply to: