Your message dated Wed, 23 Jan 2008 13:32:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#460873: fixed in mysql-dfsg-5.0 5.0.51-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mysql-dfsg-5.0
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.

CVE-2008-0227[0]:
| yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,
| allows remote attackers to cause a denial of service (crash) via a
| Hello packet containing a large size value, which triggers a buffer
| over-read in the HASHwithTransform::Update function in hash.cpp.

CVE-2008-0226[0]:
| Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL
| and possibly other products, allow remote attackers to execute
| arbitrary code via (1) the ProcessOldClientHello function in
| handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.51-3

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:

libmysqlclient15-dev_5.0.51-3_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51-3_amd64.deb
libmysqlclient15off_5.0.51-3_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51-3_amd64.deb
mysql-client-5.0_5.0.51-3_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51-3_amd64.deb
mysql-client_5.0.51-3_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51-3_all.deb
mysql-common_5.0.51-3_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51-3_all.deb
mysql-dfsg-5.0_5.0.51-3.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51-3.diff.gz
mysql-dfsg-5.0_5.0.51-3.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51-3.dsc
mysql-server-5.0_5.0.51-3_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51-3_amd64.deb
mysql-server_5.0.51-3_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51-3_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-5.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 23 Jan 2008 11:37:11 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source all amd64
Version: 5.0.51-3
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <[EMAIL PROTECTED]>
Changed-By: Norbert Tretkowski <[EMAIL PROTECTED]>
Description:
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (meta package depending on the latest versi
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (meta package depending on the latest versi
 mysql-server-5.0 - MySQL database server binaries
Closes: 458798 460402 460873
Changes:
 mysql-dfsg-5.0 (5.0.51-3) unstable; urgency=high
 .
   * SECURITY: Fix for CVE-2008-0226 and CVE-2008-0227: Three vulnerabilities
     in yaSSL versions 1.7.5 and earlier were discovered that could lead to a
     server crash or execution of unauthorized code. The exploit requires a
     server with yaSSL enabled and TCP/IP connections enabled, but does not
     require valid MySQL account credentials. The exploit does not apply to
     OpenSSL. (closes: #460873)
   * Fix LSB header in init scripts (patch from Petter Reinholdtsen).
     (closes: #458798)
   * Run testsuite on all archs, but ignore errors on alpha, arm, armel, hppa,
     mipsel and sparc. (closes: #460402)
--- End Message ---