Hello

On 2006-07-04 Christian Hammers wrote:
> It's time for a new MySQL DSA :) On
>   http://www.lathspell.de/linux/debian/mysql/sarge-4.1 
> you find *sarge5.deb packages that fix the following two vulnerabilities:
> 
>    * Fixed DoS bug where any user could crash the server with
>      "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
>      The vulnerability was discovered by Kanatoko <[EMAIL PROTECTED]>.
>      Closes: #373913
>    * Fixed DoS bug where any user could crash the server with
>      "SELECT date_format('%d%s', 1);" (CVE-2006-XXXX).
>      The vulnerability was discovered by Maillefer Jean-David
>      <[EMAIL PROTECTED]> and filed as MySQL bug #20729.
>      Closes: #375694

What's the current status of this prepared security update? (Moritz?)
The current packages on lathspell.de now contain the official MySQL
patch for the second bug so there's not much work needed anymore.
We just need a CVE id for it.

Both bugs only affect Sarge 4.1, not Woody 3.23, Sarge 4.0 or Sid 5.0.

bye,
 
 -christian-
