Hi

There are two more CVEs[0][1] against mysql-dfsg-5.0.

CVE-2007-5968:

MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via 
unspecified use of the BINLOG statement in conjunction with the binlog 
filename, which is interpreted as an absolute path by some components of the 
product, and as a relative path by other components. 

Patch: http://lists.mysql.com/commits/37098

CVE-2007-6303:

MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does 
not update the DEFINER value of a view when the view is altered, which allows 
remote authenticated users to gain privileges via a sequence of statements 
including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW 
statement.

Patch: http://bugs.mysql.com/bug.php?id=29908

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5968

[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303
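
An audit query related to CVE-2007-6303, added here as an example and not part of the original message or of the MySQL patch. It lists SQL SECURITY DEFINER views whose recorded DEFINER is missing or holds powerful global privileges, then the accounts that hold the global privileges ALTER VIEW requires. Assumptions: read access to information_schema and the mysql grant tables, and SUPER, GRANT OPTION and FILE as the privileges to flag.

```sql
-- Added audit example; not code from the original message.
-- Assumption: the session can read information_schema.VIEWS and mysql.user.

-- 1) Views that execute with their DEFINER's rights, where the recorded
--    definer either no longer exists or holds powerful global privileges.
--    These are the views where a stale DEFINER value matters most.
SELECT v.TABLE_SCHEMA AS view_schema,
       v.TABLE_NAME   AS view_name,
       v.DEFINER      AS recorded_definer,
       u.Super_priv,
       u.Grant_priv,
       u.File_priv
FROM information_schema.VIEWS AS v
LEFT JOIN mysql.user AS u
       ON v.DEFINER = CONCAT(u.User, '@', u.Host)
WHERE v.SECURITY_TYPE = 'DEFINER'
  AND (u.User IS NULL   -- definer account is missing from the grant table
       OR 'Y' IN (u.Super_priv, u.Grant_priv, u.File_priv))
ORDER BY v.TABLE_SCHEMA, v.TABLE_NAME;

-- 2) Accounts holding the global privileges that ALTER VIEW requires
--    (CREATE VIEW and DROP). Schema-level grants in mysql.db are not
--    covered by this query and need a separate review.
SELECT u.User, u.Host
FROM mysql.user AS u
WHERE u.Create_view_priv = 'Y'
  AND u.Drop_priv = 'Y'
ORDER BY u.User, u.Host;
```

For any view returned by the first query, compare the recorded definer with the account that last altered it, using the output of SHOW CREATE VIEW.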
