lp://staging/ubuntu/breezy-security/mysql-dfsg
- Get this branch: bzr branch lp://staging/ubuntu/breezy-security/mysql-dfsg
Branch information
- Owner: Ubuntu branches
- Status: Development
Recent revisions
- 5. By Martin Pitt
* Replace 53_ignore_null_characters.dpatch with
  53_CVE-2006-0903_logging_bypass.dpatch: Do not simply ignore NUL
  characters in comments, but modify the logging function instead to log
  everything including the NULs.
* Thanks to Sean Finney and Christian Hammers for pointing this out and for
  supplying the patch.
* Add CVE number to 4.0.21-1 changelog.
- 4. By Martin Pitt
* SECURITY UPDATE: Remote information leaks.
* Add debian/patches/54_check_connection_null_termination.dpatch:
  - sql/sql_parse.cc, check_connection(): Check for proper null termination
    of database/user names to avoid buffer overread.
  - CVE-2006-1516
* Add debian/patches/55_COM_TABLE_DUMP_null_termination.dpatch:
  - sql/sql_parse.cc, dispatch_command(), COM_TABLE_DUMP: Check for proper
    packet length to avoid buffer overread.
  - CVE-2006-1517
* Patches taken from upstream BK:
  http://mysql.bkbits.net:8080/mysql-5.0/gnupatch@444e888d2475TDk0cJd77GLmEuICfA
- 3. By Martin Pitt
* SECURITY UPDATE: Logging bypass.
* Add debian/patches/53_ignore_null_characters.dpatch:
  - Filter out NUL characters from commands since they terminate command
    logging.
  - Patch ported from 5.0 branch: http://lists.mysql.com/commits/4337 (test
    suite patch skipped since the test suite looks completely different in
    4.0).
* References:
  CVE-2006-0903
  http://bugs.mysql.com/bug.php?id=17667
- 2. By Martin Pitt
* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)