Hi! On Jul 05, Christian Hammers wrote: > Hello MySQL Security-Team > > Bug #20729 seems to be security relevant as it allowes crashing the > complete server by any unprivileged user by issuing a simple query.
Agree. > Whether it crashes or just prints garbage sprintf() output probably > depends on the libc version or the compiled architecture but the bug > is clearly in the mysql code. > > As it does crash on Debian we will issue a security advisory for it Ok, please tell us CVE number when you'll know it. (as usual :) > (and I would be happy if someone could confirm that my self written > patch does no more harm than cure :)) Done. Regards, Sergei -- __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Senior Software Developer /_/ /_/\_, /___/\___\_\___/ Kerpen, Germany <___/ www.mysql.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]