mysql-server-5.0: 5.0.32-7~bpo.1 vs 5.0.32-7etch1 (CVE-2007-1420)

To: nobse@backports.org
Cc: backports-users@lists.backports.org
Subject: mysql-server-5.0: 5.0.32-7~bpo.1 vs 5.0.32-7etch1 (CVE-2007-1420)
From: Axel Beckert <beckert@phys.ethz.ch>
Date: Mon, 23 Apr 2007 16:31:34 +0200
Message-id: <[🔎] 20070423143134.GA21889@phys.ethz.ch>
Mail-followup-to: nobse@backports.org, backports-users@lists.backports.org

Hi,

don't know if just just oversaw it or if it's a time problem, but
mysql-server-5.0 in Sarge BPO (5.0.32-7~bpo.1) is vulnerable to
CVE-2007-1420[1] (database crash DoS via subselects), while the
version in Etch is fixed (5.0.32-7etch1) since 22-Mar-2007[2].

  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
  [2] http://packages.qa.debian.org/m/mysql-dfsg-5.0/news/20070322T223911Z.html

		Kind regards, Axel Beckert
-- 
Axel Beckert <beckert@phys.ethz.ch>       support: +41 44 633 2668
IT Support Group, HPR E 86.1              voice:   +41 44 633 4189
Departement Physik, ETH Zurich            fax:     +41 44 633 1239
CH-8093 Zurich, Switzerland		  http://nic.phys.ethz.ch/

Reply to:

Follow-Ups:
- Re: mysql-server-5.0: 5.0.32-7~bpo.1 vs 5.0.32-7etch1 (CVE-2007-1420)
  - From: Norbert Tretkowski <norbert@tretkowski.de>

Prev by Date: Re: lighttpd 1.4.13-4~bpo.1
Next by Date: Re: mysql-server-5.0: 5.0.32-7~bpo.1 vs 5.0.32-7etch1 (CVE-2007-1420)
Previous by thread: Re: lighttpd 1.4.13-4~bpo.1
Next by thread: Re: mysql-server-5.0: 5.0.32-7~bpo.1 vs 5.0.32-7etch1 (CVE-2007-1420)
Index(es):
- Date
- Thread