[ubuntu/dapper-security] mysql-dfsg-5.0 (delayed), mysql-dfsg-5.0 5.0.22-0ubuntu6.06.15 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Nov 11 15:05:52 GMT 2010
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.15) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via joins involving a table with a
unique SET column
- debian/patches/113_SECURITY_CVE-2010-3677.dpatch: improve logic in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3677
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
nullable columns
- debian/patches/113_SECURITY_CVE-2010-3680.dpatch: check for null
datatype in sql/ha_innodb.cc. Add tests to mysql-test/*.
- CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
on a table using the HANDLER interface
- debian/patches/113_SECURITY_CVE-2010-3681.dpatch: check for the same
index in sql/sql_handler.cc. Add tests to mysql-test/*.
- CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
queries
- debian/patches/113_SECURITY_CVE-2010-3682.dpatch: improve conditional
in sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3682
* SECURITY UPDATE: denial of service via derived table materializing.
- debian/patches/113_SECURITY_CVE-2010-3834.dpatch: handle temporary
tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
- CVE-2010-3834
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
predicates during view preparation.
- debian/patches/113_SECURITY_CVE-2010-3836.dpatch: make sure we're not
in view preparation mode in sql/item_cmpfunc.cc. Add tests to
mysql-test/*.
- CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
WITH ROLLUP together.
- debian/patches/113_SECURITY_CVE-2010-3837.dpatch: create a copy of
the order structures in sql/item_sum.cc, sql/table.h. Add tests to
mysql-test/*.
- CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
with subquery.
- debian/patches/113_SECURITY_CVE-2010-3838.dpatch: handle REAL_RESULT
in sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3838
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
improper data.
- debian/patches/113_SECURITY_CVE-2010-3840.dpatch: improve data
handling in sql/spatial.cc. Add tests to mysql-test/*.
- CVE-2010-3840
Date: Tue, 09 Nov 2010 14:10:41 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Christian Hammers <ch at debian.org>
https://launchpad.net/ubuntu/dapper/+source/mysql-dfsg-5.0/5.0.22-0ubuntu6.06.15
-------------- next part --------------
Format: 1.7
Date: Tue, 09 Nov 2010 14:10:41 -0500
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source
Version: 5.0.22-0ubuntu6.06.15
Distribution: dapper-security
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libmysqlclient15-dev - mysql database development files
libmysqlclient15off - mysql database client library
mysql-client - mysql database client (current version)
mysql-client-5.0 - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server (current version)
mysql-server-5.0 - mysql database server binaries
Changes:
mysql-dfsg-5.0 (5.0.22-0ubuntu6.06.15) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via joins involving a table with a
unique SET column
- debian/patches/113_SECURITY_CVE-2010-3677.dpatch: improve logic in
sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3677
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
nullable columns
- debian/patches/113_SECURITY_CVE-2010-3680.dpatch: check for null
datatype in sql/ha_innodb.cc. Add tests to mysql-test/*.
- CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
on a table using the HANDLER interface
- debian/patches/113_SECURITY_CVE-2010-3681.dpatch: check for the same
index in sql/sql_handler.cc. Add tests to mysql-test/*.
- CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
queries
- debian/patches/113_SECURITY_CVE-2010-3682.dpatch: improve conditional
in sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3682
* SECURITY UPDATE: denial of service via derived table materializing.
- debian/patches/113_SECURITY_CVE-2010-3834.dpatch: handle temporary
tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
- CVE-2010-3834
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
predicates during view preparation.
- debian/patches/113_SECURITY_CVE-2010-3836.dpatch: make sure we're not
in view preparation mode in sql/item_cmpfunc.cc. Add tests to
mysql-test/*.
- CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
WITH ROLLUP together.
- debian/patches/113_SECURITY_CVE-2010-3837.dpatch: create a copy of
the order structures in sql/item_sum.cc, sql/table.h. Add tests to
mysql-test/*.
- CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
with subquery.
- debian/patches/113_SECURITY_CVE-2010-3838.dpatch: handle REAL_RESULT
in sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3838
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
improper data.
- debian/patches/113_SECURITY_CVE-2010-3840.dpatch: improve data
handling in sql/spatial.cc. Add tests to mysql-test/*.
- CVE-2010-3840
Files:
c0d4e7d49f9857c71d8e91c1e7cc54b2 1765 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.15.dsc
38c129d7339c89f4eba4c19fd3b48a8e 178188 misc optional mysql-dfsg-5.0_5.0.22-0ubuntu6.06.15.diff.gz
More information about the dapper-changes
mailing list