lp://staging/ubuntu/gutsy-security/mysql-dfsg-5.0

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/gutsy-security/mysql-dfsg-5.0

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

32. By Marc Deslauriers

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
    Item_bin_string() in sql/item.cc to parse an empty bit-string literal
    as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098
* debian/rules: do not update po tree for security updates.

31. By Jamie Strandboge

no change build for -security upload

30. By Jamie Strandboge

* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
  using InnoDB
* debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
  error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
  DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
  properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
  federated engine
* debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
  to return error if the response doesn't have enough columns
* References
  CVE-2007-5925
  CVE-2007-5969
  CVE-2007-6304
  LP #172260

29. By Jamie Strandboge

fix for mysql bug 27383 which causes mysql-test 'mysql_client_test'
to fail due to gcc 4.x optimizations

28. By Matthias Klose

Apply same configuration options on lpia as for i386.

27. By Mathias Gug

* debian/libmysqlclient15-dev.files, debian/mysql-client-5.0.files,
  debian/mysql-server-5.0.files: remove dummy man pages, as they are
  shipped in mysql-doc-5.0 package in the restricted repository.
* debian/control:
  - Set Maintainer to Ubuntu Core dev. Move Debian maintainer
    to XSBC-Original-Maintainer.
  - Add mysql-doc-5.0 as a Suggests to mysql-client-5.0, mysql-server-5.0
    and libmysqlclient15-dev.

26. By sean finney <email address hidden>

* New upstream release.

[sean finney]
* removed patches that are incorporated into the latest release:
  - 70_cpuid_on_i486.dpatch
  - 91_SECURITY_CVE-2007-2691_alter-drop
* new patch 90_upstreamdebiandir.dpatch to keep a few lingering references
  to the upstream ./debian dir out of the build, at least until we find
  a nice way to collaborate on sharing the directory.
* updated CRUFT list to fix double-build breakage (closes: #424590).
* add conditional build-deps for linux-libc-dev to fix FTBFS for
  non-linux arch's (closes: #431018).
* added notes to my.cnf and README.Debian about setting tmpdir when
  configuring a replication slave. thanks to Rudy Gevaert for pointing
  this out (closes: #431825).

25. By Christian Hammers

[sean finney]
* SECURITY:
  Fix for CVE-2007-2691: DROP/RENAME TABLE statements (closes: #424778).
[Christian Hammers]
* Removed all manpages from the source (therefore the "41a") as they
  are not licensed under the GPL and redistribution is not permitted
  (thanks to Mathias Gug). Closes: #430018
* Added linux-libc-dev to the build-depends as else an illegal dependency to
  asm/atomic.h is generated in /usr/include/mysql/my_global.h. Closes: 424276
[Christian Perrier]
* Debconf templates and debian/control reviewed by the debian-l10n-
  english team as part of the Smith review project. Closes: #419974
* Debconf translation updates:
  - French. Closes: #422187
  - Galician. Closes: #420118
  - Italian. Closes: #421349
  - Brazilian Portuguese. Closes: #421516
  - Arabic. Closes: #421751
  - Czech. Closes: #421766
  - Portuguese. Closes: #422428

24. By sean finney <email address hidden>

the previous "translation changes" inadvertently introduced unrelated
changes in the package control file.

23. By Martin Pitt

Fake sync from Debian. All Ubuntu changes are in Debian, but we have a
md5sum mismatch on the orig.tar.gz.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/karmic/mysql-dfsg-5.0