Your message dated Wed, 14 Mar 2007 21:32:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414790: fixed in mysql-dfsg-5.0 5.0.32-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mysql-server-5.0
Version: 5.0.32-7
Severity: grave
Tags: security
Justification: user security hole
Hi,
here is the problem:
http://www.sec-consult.com/284.html
I set the severity to "grave" because the advisory does not exclude
arbitrary code execution.
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.32-8
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:
libmysqlclient15-dev_5.0.32-8_amd64.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-8_amd64.deb
libmysqlclient15off_5.0.32-8_amd64.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-8_amd64.deb
mysql-client-5.0_5.0.32-8_amd64.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-8_amd64.deb
mysql-client_5.0.32-8_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-8_all.deb
mysql-common_5.0.32-8_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-8_all.deb
mysql-dfsg-5.0_5.0.32-8.diff.gz
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-8.diff.gz
mysql-dfsg-5.0_5.0.32-8.dsc
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-8.dsc
mysql-server-4.1_5.0.32-8_amd64.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-8_amd64.deb
mysql-server-5.0_5.0.32-8_amd64.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-8_amd64.deb
mysql-server_5.0.32-8_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
sean finney <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-5.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 14 Mar 2007 20:19:08 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server
mysql-server-4.1 mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source all amd64
Version: 5.0.32-8
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: sean finney <[EMAIL PROTECTED]>
Description:
libmysqlclient15-dev - mysql database development files
libmysqlclient15off - mysql database client library
mysql-client - mysql database client (meta package depending on the latest
versi
mysql-client-5.0 - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server (meta package depending on the latest
versi
mysql-server-4.1 - mysql database server (transitional package)
mysql-server-5.0 - mysql database server binaries
Closes: 414790
Changes:
mysql-dfsg-5.0 (5.0.32-8) unstable; urgency=high
.
[Sean Finney]
* SECURITY:
- CVE-2007-1420: Single Row Subselect DoS. Specially crafted subselect
queries could crash the mysql server. Patch backported from upstream
changeset 19685 (46_CVE-2007-1420_subselect_dos.dpatch)
closes: #414790.
[Christian Hammers]
* Adapt MAKE_J to use the -j option with the number of available processors.
(thanks to Raphael Pinson).
* Updated mysqlreport to latest upstream (and patched --help usage message
and "return if qcache_size==0").
Files:
713c971583f59ede5312c31e77284eaa 1107 misc optional mysql-dfsg-5.0_5.0.32-8.dsc
60078e56599a26a9faa0cd6229481ad8 155594 misc optional
mysql-dfsg-5.0_5.0.32-8.diff.gz
8a4c95f2d9527221f5ffd8cbd76f30a6 53024 misc optional
mysql-common_5.0.32-8_all.deb
512a1d5a02302d8355dd725e81842da9 46770 misc optional
mysql-server_5.0.32-8_all.deb
1747c1083d51afc7e35453d0e27bd672 44698 misc optional
mysql-client_5.0.32-8_all.deb
8fcb650b365d5854da9bb635e23d9e50 1828620 libs optional
libmysqlclient15off_5.0.32-8_amd64.deb
79897e6181d844d3ec35f6442b414d29 7368110 libdevel optional
libmysqlclient15-dev_5.0.32-8_amd64.deb
a4e80dc68186910af0b2b75d860d0f51 7545740 misc optional
mysql-client-5.0_5.0.32-8_amd64.deb
10273c5a5a8dc9cd9376836c0953a18f 25814718 misc optional
mysql-server-5.0_5.0.32-8_amd64.deb
75a135a514559fdf45236838994e99a4 46796 oldlibs extra
mysql-server-4.1_5.0.32-8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF+FatynjLPm522B0RAtW7AJ4s76LEEeKmXYefr2SaG8CfiZz0NQCeM7Ns
Qx4YCjUqAy4wakN6We05hQA=
=nmd7
-----END PGP SIGNATURE-----
--- End Message ---
