Your message dated Mon, 07 Jun 2010 19:56:22 +0000
with message-id <e1oliqo-0002tf...@ries.debian.org>
and subject line Bug#584400: fixed in mysql-dfsg-5.0 5.0.51a-24+lenny4
has caused the Debian Bug report #584400,
regarding CVE-2010-1626
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
584400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584400
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mysql-dfsg-5.0
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.
CVE-2010-1626[0]:
| MySQL before 5.1.46 allows local users to delete the data and index
| files of another user's MyISAM table via a symlink attack in
| conjunction with the DROP TABLE command, a different vulnerability
| than CVE-2008-4098 and CVE-2008-7247.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1626
http://security-tracker.debian.org/tracker/CVE-2010-1626
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwHhgEACgkQNxpp46476apr1ACgj/0dTbl7XPSC3wR0fH2kRxCU
Os0Anjh8yNqu6lKjXyJrrwL9zl/ab+/C
=RgmB
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.51a-24+lenny4
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:
libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
to main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
to main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
to main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
mysql-client_5.0.51a-24+lenny4_all.deb
to main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny4_all.deb
mysql-common_5.0.51a-24+lenny4_all.deb
to main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny4_all.deb
mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
to main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
to main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
to main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
mysql-server_5.0.51a-24+lenny4_all.deb
to main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated mysql-dfsg-5.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 04 Jun 2010 17:08:45 +0200
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0
mysql-server-5.0 mysql-server mysql-client
Architecture: source all i386
Version: 5.0.51a-24+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
libmysqlclient15-dev - MySQL database development files
libmysqlclient15off - MySQL database client library
mysql-client - MySQL database client (metapackage depending on the latest
versio
mysql-client-5.0 - MySQL database client binaries
mysql-common - MySQL database common files
mysql-server - MySQL database server (metapackage depending on the latest
versio
mysql-server-5.0 - MySQL database server binaries
Closes: 584400
Changes:
mysql-dfsg-5.0 (5.0.51a-24+lenny4) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-1626: allows local users to delete the data and index files
of another user's MyISAM table via a symlink attack in conjunction with the
DROP TABLE command (Closes: #584400)
* Fixed CVE-2010-1848: Multiple insufficient table name checks
* Fixed CVE-2010-1849: DoS through oversized packets
* Fixed CVE-2010-1850: Table name buffer overflow
Checksums-Sha1:
4cc1e647ac1e065a3a04ca589389ff664110d24f 1746
mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
61335b7d0dbfa5f483ff8089059cf4180f90422e 382688
mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
aad3aaaf3083cc5be5143ef5d3f11745c17d904c 61784
mysql-common_5.0.51a-24+lenny4_all.deb
882321bf30da07988eb4378ec297c7df5e4ed027 55208
mysql-server_5.0.51a-24+lenny4_all.deb
d8303c5541e232a90b0a27f088ab3ea108ed784d 53012
mysql-client_5.0.51a-24+lenny4_all.deb
d31bd517f0f3d8cf900b51d12e5fe621284ddc3e 1860698
libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
c091e3c064346522ee81e8520ffbf62a996eb9b2 7201148
libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
1a13a378453013494b08be32485e85ca0282a779 7785564
mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
5e330f7c6150605a1d1bdc8f8f310ab432e97848 26655616
mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
Checksums-Sha256:
9767763918d752e09a9cdce9d9da11df06c354be555c6795702f5eb382453db4 1746
mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
b70430c5ad70fe3a04ebdc7d72edc8761c61a2d1aed9a6f78e47f252bd7d8f04 382688
mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
d1627a1b82aced628fa44a34ff8663970c97ec06f5b38a7088fd4dcd48547aaa 61784
mysql-common_5.0.51a-24+lenny4_all.deb
0529643bcbf4b9a01615d9c299784251652545b3374f8462624d96d673ab6fde 55208
mysql-server_5.0.51a-24+lenny4_all.deb
ee30d4260914e9ed910d88da32a34826f63f1b5fb5e06b4c226daa06f59b6967 53012
mysql-client_5.0.51a-24+lenny4_all.deb
fdef36d1b361f47665de2d836dfab1e1b1d34a2f1ceecae272ba6ab3a71e7eb9 1860698
libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
8da2688696e48cd1717ceda24f2594c712144bc4e646bf84d69a2e5e4f6c6a8e 7201148
libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
dd70246ed4df124da93c73cdd85844400abbf7e017a808df52c692fb97f48359 7785564
mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
4ab53802be307ace8bf52eeffb1b4bd41c640b6de33099a263b0b373440f6353 26655616
mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
Files:
213d7a9655000a669a9262b68a645b84 1746 misc optional
mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
98904282d9b1ba07a5fa441695c9cefd 382688 misc optional
mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
165889f524b9cd317462910f34871652 61784 misc optional
mysql-common_5.0.51a-24+lenny4_all.deb
0059173c20f96569e532f34e8d8e6d3d 55208 misc optional
mysql-server_5.0.51a-24+lenny4_all.deb
7b2c03b1e86bb4634bb65b7fd65a8ce0 53012 misc optional
mysql-client_5.0.51a-24+lenny4_all.deb
fa79c4525944c5fc2938838697991d2a 1860698 libs optional
libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
dec28c17afdfbc427b03b3dc7b16ae80 7201148 libdevel optional
libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
59607135a3509e3bdf5aacbe0f7b9e27 7785564 misc optional
mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
660b2d3f55af9a0ffff5dec3ccb265b2 26655616 misc optional
mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwKkUgACgkQNxpp46476aqneACfUVmb4tDkZ8BV/0ytw1nYmeSg
EqAAnjYEsyDyqtUTUfp4pqPcELsi+/YR
=PoY5
-----END PGP SIGNATURE-----
--- End Message ---
