[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please unblock mysql-dfsg-5.0.32-2


MySQL release another upstream version which fixes a lot of "can cause the
server to crash" type bugs which of course could potentially allow people to
cause data loss to other users and thus could be considered as DoS.
Also there was a bug that let "mysql_upgrade" crash which would probably a
nasty thing on sarge->etch upgrades.

I had to make a -2 upload as I inadvertently deleted a necessary .dpatch
file. The new "upstream" is now in unstable for 15 days without any reported
regressions. Alpha builds are still missing but this seems to be due
to a lack of redundancy in our buildd environment (*g*), the last couple of
upstream versions all worked fine on alpha.

bye & TIA,


 mysql-dfsg-5.0 (5.0.32-2) unstable; urgency=high
   * The last upload suffered from a regression that made NDB totally
     unusable and caused a dependency to libmysqlclient15-dev in the
     mysql-server-5.0 package. The relevant 85_* patch was re-added again.
     Closes: #406435
   * Added lintian-overrides for an error that does not affect our packages.
     There are now only warnings and not errors left.

 mysql-dfsg-5.0 (5.0.32-1) unstable; urgency=high
   * New upstream version.
     * SECURITY: mysql_fix_privilege_tables.sql altered the
       table_privs.table_priv column to contain too few privileges, causing
       loss of the CREATE VIEW and SHOW VIEW privileges. (MySQL Bug#20589)
     * SECURITY (DoS): ALTER TABLE statements that performed both RENAME TO
       and {ENABLE|DISABLE} KEYS operations caused a server crash. (MySQL
     * SECURITY (DoS): LAST_DAY('0000-00-00') could cause a server crash.
       (MySQL Bug#23653)
     * SECURITY (DoS): Using EXPLAIN caused a server crash for queries that
       selected from INFORMATION_SCHEMA in a subquery in the FROM clause.
       (MySQL Bug#22413)
     * SECURITY (DoS): Invalidating the query cache (e.g. when using stored
procedures) caused a server crash for INSERT INTO ... SELECT statements that
       selected from a view. (MySQL Bug#20045)
     * Using mysql_upgrade with a password crashed the server. Closes:
     * yaSSL crashed on pre-Pentium Intel and Cyrix CPUs. (MySQL Bug#21765)
       Closes: #383759
     * Lots of small fixes to the NDB cluster storage engine.
   * Updated Japanese Debconf template (thanks to Hideki Yamane).
     Closes: #405793
   * Fixed comment regarding "mycheck" in debian-start (thanks to
     Enrico Zini). Closes: #405787

Reply to: