Your message dated Wed, 30 Aug 2006 23:05:18 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#373913: fixed in mysql-dfsg-4.1 4.1.11a-4sarge5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mysql-server
Version: 3.23.49-8.15 4.0.24-10sarge2
Severity: grave
Tags: security

A query like "select str_to_date( 1, NULL );" crashes mysqld.
This affects:
  Woody: mysql-server           3.23.x
  Sarge: mysql-server           4.0.x
  Sarge: mysql-server-4.1       4.1.x
Unstable/Testing is already fixed.

We are already preparing a DSA for Woody and Sarge.

References:
  http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html
  http://bugs.mysql.com/bug.php?id=15828

bye,

-christan-



--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-4.1
Source-Version: 4.1.11a-4sarge5

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-4.1, which is due to be installed in the Debian FTP archive:

libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
libmysqlclient14_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb
mysql-client-4.1_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb
mysql-common-4.1_4.1.11a-4sarge5_all.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb
mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
mysql-server-4.1_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-4.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 16 Jun 2006 09:52:12 +0000
Source: mysql-dfsg-4.1
Binary: libmysqlclient14-dev mysql-common-4.1 libmysqlclient14 mysql-server-4.1 mysql-client-4.1
Architecture: source i386 all
Version: 4.1.11a-4sarge5
Distribution: stable-security
Urgency: low
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description: 
 libmysqlclient14 - mysql database client library
 libmysqlclient14-dev - mysql database development files
 mysql-client-4.1 - mysql database client binaries
 mysql-common-4.1 - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server-4.1 - mysql database server binaries
Closes: 373913 375694
Changes: 
 mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low
 .
   * Security upload prepared for the security team by the Debian MySQL
     package maintainers.
   * Fixed DoS bug where any user could crash the server with
     "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
     The vulnerability was discovered by Kanatoko <[EMAIL PROTECTED]>.
     Closes: #373913
   * Fixed DoS bug where any user could crash the server with
     "SELECT date_format('%d%s', 1);" (CVE-2006-3469).
     The vulnerability was discovered by Maillefer Jean-David
     <[EMAIL PROTECTED]> and filed as MySQL bug #20729.
     Closes: #375694
Files: 
 9cd4f7df9345856d06846e0ddb50b9ee 1021 misc optional mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
 e45db0b01b3adaf09500d54090f3a1e1 168442 misc optional mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
 e8115191126dc0b373a53024e5c78733 36520 misc optional mysql-common-4.1_4.1.11a-4sarge5_all.deb
 ab5768abe67a1d21c714a078f2ec86f0 1418036 libs optional libmysqlclient14_4.1.11a-4sarge5_i386.deb
 bf891e68e488947fd28a940a367d722f 5643732 libdevel optional libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
 f5d4a9e5b289d895ba021190f907829f 830724 misc optional mysql-client-4.1_4.1.11a-4sarge5_i386.deb
 b580eeaf7a3806b95a07435acbe48e27 14558034 misc optional mysql-server-4.1_4.1.11a-4sarge5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEsq66Xm3vHE4uyloRAgB4AKDZu0uKZDSFB8uicz4G1oFrIR+YEwCgnzNr
E3zati36cyhJRqWDcL2bP4Q=
=HUF7
-----END PGP SIGNATURE-----


--- End Message ---
