
!!!! UNSUBSCRIBE !!!!



Vincent Caron wrote:

On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 829-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 30, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2558
BugTraq ID     : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field.  The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                    woody              sarge              sid
mysql             3.23.49-8.14           n/a               n/a
mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3

 That's not one of our packages, I've checked.





