lp://staging/ubuntu/jaunty-updates/mysql-dfsg-5.0

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/jaunty-updates/mysql-dfsg-5.0

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

63. By Marc Deslauriers

* SECURITY UPDATE: privilege check bypass via crafted table name argument
  to COM_FIELD_LIST
  - debian/patches/102_CVE-2010-1848.dpatch: check table name in
    sql/sql_parse.cc, add tests to tests/mysql_client_test.c.
  - CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
  - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
    sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
  - CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
  argument to COM_FIELD_LIST
  - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
    sql/sql_parse.cc.
  - CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
  - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
    myisam/mi_delete_table.c, add tests to mysql-test/*.
  - CVE-2010-1626

62. By Marc Deslauriers

* SECURITY UPDATE: Cross-site scripting in the command-line client
  - debian/patches/93_CVE-2008-4456.dpatch: use xmlencode_print in
    client/mysql.cc, add test to mysql-test/*.
  - CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
  function
  - debian/patches/94_CVE-2009-2446.dpatch: use correct format string in
    sql/sql_parse.cc, add test to tests/mysql_client_test.c.
  - CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
  subqueries and statements that use the GeomFromWKB function
  - debian/patches/95_CVE-2009-4019.dpatch: return proper errors in
    sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
    null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
  - CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
  of the mysql_unpacked_real_data_home value
  - debian/patches/96_CVE-2009-4030.dpatch: fix initialization order in
    sql/mysqld.cc.
  - CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
  - debian/patches/97_CVE-2009-4484.dpatch: validate lengths in
    extra/yassl/taocrypt/src/asn.*.
  - CVE-2009-4484
* debian/patches/92_ssl_test_cert.dpatch: disabled patch as certs are now
  expired.
* debian/patches/98_ssl_test_certs.dpatch: update certificates in the
  test suite as they are expired. The new certs expire 2015-01-28.

61. By Chuck Short

debian/mysql-server-5.0.postinst: Clear out the second password
when setting up mysql. (LP: #344816)

60. By Jamie Strandboge

* debian/apparmor-profile: add 'network tcp' and access to
  /var/run/samba/winbindd_privileged/pipe (LP: #306886)
* debian/apparmor-profile: add '/var/log/mysql.log rw' and
  '/var/log/mysql.err rw' (LP: #348532)

59. By Jamie Strandboge

debian/apparmor-profile: add 'capability sys_resource' so that
settings in /etc/mysql/my.cnf will work properly (LP: #306541)

58. By Andreas Olsson

Revert 56-mysqlhotcopy-invalid-dbtable.dpatch: The behavior of
$dbh->tables() has changed. Instead of returning a simple
"tablename" it returns a full "databasename.tablename". LP: #296952

57. By Dustin Kirkland 

[ Andreas Olsson <email address hidden> ]
Modifies debian-start.inc.sh to support ANSI mode (LP: #310211)

56. By Mathias Gug

[ Andreas Olsson ]
debian/patches/92_ssl_test_cert.dpatch: Re-generated the PKI files needed
for the tests.
(LP: #323755)

55. By Mathias Gug

debian/additions/my.cnf: remove language option. Error message files are
located in a different directory in MySQL 5.1. Setting the language option
to use /usr/share/mysql/ breaks 5.1. Both 5.0 and 5.1 use a default value
that works. (LP: #316974).

54. By Mathias Gug

* debian/additions/my.cnf: remove skip-bdb option. This option is not
  available in 5.1 anymore. Moreover 5.0 isn't built with the BerkeleyDB
  engine. (LP: #316849)
* debian/mysql-sever-core-5.0.files: move character sets files to -core as
  they're required for mysqld to properly support character sets.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/karmic/mysql-dfsg-5.0