lp://staging/ubuntu/feisty-security/mysql-dfsg-5.0
- Get this branch:
- bzr branch lp://staging/ubuntu/feisty-security/mysql-dfsg-5.0
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 24. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
using InnoDB
* debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
federated engine
* debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
statements
* debian/patches/96_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* References
CVE-2007-5925
CVE-2007-5969
CVE-2007-6304
CVE-2007-3781
LP #172260
- 23. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/91_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/91_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/91_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/91_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
check for blank password. Based on work by Soren Hansen.
* References
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
Launchpad #119075
- 22. By Martin Pitt
-
* Package the Enterprise version again (.37 was a community version), since
Debian and we have always done so. This brings in a few more bug fixes and
makes functional derivations less likely.
* debian/README.Maintainer: Add pointer to upstream download URL, since it
is very hard to find the Enterprise versions.
* Disable 33_scripts__mysql_create_system_tables__no_test.dpatch, since that
script was removed upstream.
* debian/patches/41_scripts__mysql_install_db.sh__no_test.dpatch: Adapted to
changed formatting in new upstream version.
* Remove debian/patches/86_PATH_MAX.dpatch, fixed upstream.
* Add debian/patches/90_org_tables_definition.dpatch: Fix local variable
declaration in libmysqld/sql_parse.cc to fix compilation with
EMBEDDED_LIBRARY.
- 21. By Martin Pitt
-
* New upstream bugfix release.
- Fixes replication failure with auto-increment and on duplicate key
update, a regression introduced into 5.0.24. (LP: #95821)
* debian/control: Set Ubuntu maintainer.
* debian/rules: Change comments from 'Debian etch' to 'Ubuntu 7.04'.
- 20. By Christian Hammers
-
Really fixed FTBFS on Sparc introduced with the "make -j" trick in
5.0.32-8 (thanks to Frank Lichtenheld). Closes: #415026
- 19. By Christian Hammers
-
* The last upload suffered from a regression that made NDB totally
unusable and caused a dependency to libmysqlclient15-dev in the
mysql-server-5.0 package. The relevant 85_* patch was re-added again.
Closes: #406435
* Added lintian-overrides for an error that does not affect our packages.
There are now only warnings and not errors left.
- 18. By Christian Hammers
-
* Fixed upstream regression in header files that led to FTBFS for
mysql-admin, mysql-query-browser and probably other packages.
(thanks to Andreas Henriksson). Closes: #403081, #403082
* Fixed some upstream scripts by replacing /etc by /etc/mysql (thanks to
Julien Antony). Closes: #401083
* Updated French Debconf translation (thanks to Christian Perrier).
Closes: #401434
* Added Spanish Debconf translation (thanks to Javier Fernandez-Sanguino
Pena). Closes: #401953
* Marked a Debconf question that is just a dummy and only internally
used as not-needing-translation. Closes: #403163
* Fixed mysqlslowdump patch to not remove the usage() function (thanks
to Monty Tailor).
- 16. By Christian Hammers
-
* New upstream version (switch to the MySQL Enterprise branch).
* Upstream bugfix for the Innodb performance bug:
"Very poor performance with multiple queries running
concurrently (Bug#15815)".
* Upstream bugfix for a possible server crash:
"Selecting from a MERGE table could result in a server crash if the
underlying tables had fewer indexes than the MERGE table itself
(Bug#22937)"
* Upstream bugfixes for a *lot* of NDB problems.
* Upstream bugfix for Innodb optimizer bug. Closes: #397597
* Updated Italian Debconf translation (thanks to Luca Monducci).
Closes: #401305
* Updated debian/watch file to MySQL Enterprise branch.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/karmic/mysql-dfsg-5.0