[ubuntu/lucid] mysql-dfsg-5.1 5.1.41-3ubuntu7 (Accepted)

[Marc Deslauriers]

mysql-dfsg-5.1 (5.1.41-3ubuntu7) lucid; urgency=low

  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/52_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/53_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * SECURITY UPDATE: access restriction bypass via symlink
    - debian/patches/54_CVE-2008-7247.dpatch: improve symlink handling in
      sql/sql_table.cc.
    - CVE-2008-7247

Date: Mon, 22 Feb 2010 16:29:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mysql-dfsg-5.1/5.1.41-3ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 22 Feb 2010 16:29:37 -0500
Source: mysql-dfsg-5.1
Binary: libmysqlclient16 libmysqlclient16-dev libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client
Architecture: source
Version: 5.1.41-3ubuntu7
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient16 - MySQL database client library
 libmysqlclient16-dev - MySQL database development files - empty transitional package
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - MySQL database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.1 - MySQL database client binaries
 mysql-common - MySQL database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.1 - MySQL database server binaries
 mysql-server-core-5.1 - MySQL database core server files
Changes: 
 mysql-dfsg-5.1 (5.1.41-3ubuntu7) lucid; urgency=low
 .
   * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
     of the mysql_unpacked_real_data_home value
     - debian/patches/52_CVE-2009-4030.dpatch: fix initialization order in
       sql/mysqld.cc.
     - CVE-2009-4030
   * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
     - debian/patches/53_CVE-2009-4484.dpatch: validate lengths in
       extra/yassl/taocrypt/src/asn.*.
     - CVE-2009-4484
   * SECURITY UPDATE: access restriction bypass via symlink
     - debian/patches/54_CVE-2008-7247.dpatch: improve symlink handling in
       sql/sql_table.cc.
     - CVE-2008-7247
Checksums-Sha1: 
 526eda7a6a0b9a9908e78d9a9bf160b5824fce16 1885 mysql-dfsg-5.1_5.1.41-3ubuntu7.dsc
 a48724acc5683205b14877944ec749c521b09dca 318954 mysql-dfsg-5.1_5.1.41-3ubuntu7.diff.gz
Checksums-Sha256: 
 6bd14b38dd5e8b1a305176612d8c19d6489b1f779b105283f6aee47286d06b58 1885 mysql-dfsg-5.1_5.1.41-3ubuntu7.dsc
 8c2c87410bbdf7c2f7882a1f5436f66713c995a181f4818147192cbb4188249a 318954 mysql-dfsg-5.1_5.1.41-3ubuntu7.diff.gz
Files: 
 169d348575b75c8d3301a66920402b22 1885 misc optional mysql-dfsg-5.1_5.1.41-3ubuntu7.dsc
 6c976831e1ae24966b33e9c1cc3c6680 318954 misc optional mysql-dfsg-5.1_5.1.41-3ubuntu7.diff.gz
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuDD2kACgkQLMAs/0C4zNpBGQCfdJtUodYyQomasSd8PlQDinQU
BqoAniZ0YI3LoHrhLRqY0YiZEG7UvPOV
=Ok+7
-----END PGP SIGNATURE-----