Your message dated Thu, 03 Sep 2009 01:58:13 +0000
with message-id <[email protected]>
and subject line Bug#536726: fixed in mysql-dfsg-5.0 5.0.51a-24+lenny2
has caused the Debian Bug report #536726,
regarding post-authentication format string vulnerability (CVE-2009-2446)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
536726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536726
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: mysql-dfsg-5.0
version: 5.0.32-7etch8
severity: important
tags: security
hello, it has been disclosed that mysql has a post-authentication
format string vulnerability [1]. according to that message, affected
versions are claimed to be 5.0.45 and older, which would mean that lenny
and sid are not affected; however, this needs to be checked.
[1] http://seclists.org/fulldisclosure/2009/Jul/0058.html
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.51a-24+lenny2
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:
libmysqlclient15-dev_5.0.51a-24+lenny2_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_i386.deb
libmysqlclient15off_5.0.51a-24+lenny2_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_i386.deb
mysql-client-5.0_5.0.51a-24+lenny2_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_i386.deb
mysql-client_5.0.51a-24+lenny2_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny2_all.deb
mysql-common_5.0.51a-24+lenny2_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny2_all.deb
mysql-dfsg-5.0_5.0.51a-24+lenny2.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny2.diff.gz
mysql-dfsg-5.0_5.0.51a-24+lenny2.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny2.dsc
mysql-server-5.0_5.0.51a-24+lenny2_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_i386.deb
mysql-server_5.0.51a-24+lenny2_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastien Delafond <[email protected]> (supplier of updated mysql-dfsg-5.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 27 Aug 2009 10:31:25 +0200
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0
mysql-server-5.0 mysql-server mysql-client
Architecture: source all i386
Version: 5.0.51a-24+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Sebastien Delafond <[email protected]>
Description:
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.0 - MySQL database server binaries
Closes: 536726
Changes:
 mysql-dfsg-5.0 (5.0.51a-24+lenny2) stable-security; urgency=high
 .
   * SECURITY:
     Fix for CVE-2009-2446: Multiple format string vulnerabilities in the
     dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL
     4.0.0 through 5.0.83 allow remote authenticated users to cause a denial
     of service (daemon crash) and possibly have unspecified other impact via
     format string specifiers in a database name in a (1) COM_CREATE_DB or
     (2) COM_DROP_DB request. Closes: #536726.
     Complete debdiff for 5.0.51a-24+lenny2 generously contributed by
     Christian Hammers <[email protected]>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqWYcQACgkQiZgNKcDdyD9TfACfVu5r/HOQrKk03eCekkGVa5yW
Us0AmQH1zMENzFpW6Np7V+qV8SjTdcMx
=whgW
-----END PGP SIGNATURE-----
--- End Message ---
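
The bug class named in the changelog entry above (a client-supplied database name reaching a printf-style function as the format string), shown beside the corrected call. This is an added illustration, not code from the MySQL source or the Debian patch; `log_command`, `log_db_unsafe`, `log_db_safe` and `has_format_directive` are hypothetical names and the sample database name is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style command logger, standing in for a server's
   log writer. Formats the entry into out and returns vsnprintf's result. */
static int log_command(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the database name is passed where the format belongs,
   so any conversion specifier in it is interpreted by the formatter. */
static int log_db_unsafe(char *out, size_t cap, const char *db)
{
    return log_command(out, cap, db);
}

/* Corrected pattern: constant format string, name passed as data only. */
static int log_db_safe(char *out, size_t cap, const char *db)
{
    return log_command(out, cap, "%s", db);
}

/* Review/audit helper: flags names containing a character the formatter
   would treat specially. Returns 1 if '%' is present, otherwise 0. */
static int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    /* Constructed sample. "%%" consumes no argument, so even the unsafe
       call is well-defined here; it still alters the logged name. */
    const char *db = "sales_100%%";
    char a[64], b[64];
    log_db_unsafe(a, sizeof a, db);
    log_db_safe(b, sizeof b, db);
    printf("flagged: %d\nunsafe:  %s\nsafe:    %s\n",
           has_format_directive(db), a, b);
    return strcmp(b, db) != 0;   /* 0 when the safe path logs the name verbatim */
}
```

The unsafe path logs `sales_100%` because the formatter consumed the doubled percent sign, while the safe path logs the name byte for byte.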