lp://staging/ubuntu/breezy-security/mysql-dfsg

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/breezy-security/mysql-dfsg
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

5. By Martin Pitt

* Replace 53_ignore_null_characters.dpatch with
  53_CVE-2006-0903_logging_bypass.dpatch: Do not simply ignore NUL
  characters in comments, but modify the logging function instead to log
  everything including the NULs.
* Thanks to Sean Finney and Christian Hammers for pointing this out and for
  supplying the patch.
* Add CVE number to 4.0.21-1 changelog.

4. By Martin Pitt

* SECURITY UPDATE: Remote information leaks.
* Add debian/patches/54_check_connection_null_termination.dpatch:
  - sql/sql_parse.cc, check_connection(): Check for proper null termination
    of database/user names to avoid buffer overread.
  - CVE-2006-1516
* Add debian/patches/55_COM_TABLE_DUMP_null_termination.dpatch:
  - sql/sql_parse.cc, dispatch_command(), COM_TABLE_DUMP: Check for proper
    packet length to avoid buffer overread.
  - CVE-2006-1517
* Patches taken from upstream BK:
  http://mysql.bkbits.net:8080/mysql-5.0/gnupatch@444e888d2475TDk0cJd77GLmEuICfA

3. By Martin Pitt

* SECURITY UPDATE: Logging bypass.
* Add debian/patches/53_ignore_null_characters.dpatch:
  - Filter out NUL characters from commands since they terminate command
    logging.
  - Patch ported from 5.0 branch: http://lists.mysql.com/commits/4337 (test
    suite patch skipped since the test suite looks completely different in
    4.0).
* References:
  CVE-2006-0903
  http://bugs.mysql.com/bug.php?id=17667

2. By Martin Pitt

* SECURITY UPDATE: Fix privilege escalation.
* Add debian/patches/52_CAN-2005-2558_init_syms_functionnames.dpatch:
  - Declare function name buffer to be big enough for the maximum possible
    function name to avoid buffer overflow. This could be exploited only by
    users who have the privilege to create functions.
* References:
  CAN-2005-2558
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
  http://bugs.debian.org/322133
  Ubuntu #13675

1. By Christian Hammers

Import upstream version 4.0.24

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers