Hi!
On Jul 05, Christian Hammers wrote:
> Hello MySQL Security-Team
>
> Bug #20729 seems to be security relevant as it allowes crashing the
> complete server by any unprivileged user by issuing a simple query.
Agree.
> Whether it crashes or just prints garbage sprintf() output probably
> depends on the libc version or the compiled architecture but the bug
> is clearly in the mysql code.
>
> As it does crash on Debian we will issue a security advisory for it
Ok, please tell us CVE number when you'll know it.
(as usual :)
> (and I would be happy if someone could confirm that my self written
> patch does no more harm than cure :))
Done.
Regards,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Senior Software Developer
/_/ /_/\_, /___/\___\_\___/ Kerpen, Germany
<___/ www.mysql.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
