Your message dated Sun, 18 Mar 2007 21:32:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414790: fixed in mysql-dfsg-5.0 5.0.32-7etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mysql-server-5.0
Version: 5.0.32-7
Severity: grave
Tags: security
Justification: user security hole

Hi,

here is the problem:
http://www.sec-consult.com/284.html

I set the severity to "grave" because the advisory does not exclude
arbitrary code execution.
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.32-7etch1

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:

libmysqlclient15-dev_5.0.32-7etch1_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch1_i386.deb
libmysqlclient15off_5.0.32-7etch1_i386.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch1_i386.deb
mysql-client-5.0_5.0.32-7etch1_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch1_i386.deb
mysql-client_5.0.32-7etch1_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch1_all.deb
mysql-common_5.0.32-7etch1_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch1_all.deb
mysql-dfsg-5.0_5.0.32-7etch1.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch1.diff.gz
mysql-dfsg-5.0_5.0.32-7etch1.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch1.dsc
mysql-server-4.1_5.0.32-7etch1_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch1_i386.deb
mysql-server-5.0_5.0.32-7etch1_i386.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch1_i386.deb
mysql-server_5.0.32-7etch1_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-5.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 18 Mar 2007 21:25:19 +0100
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server
 mysql-server-4.1 mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source all i386
Version: 5.0.32-7etch1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
 libmysqlclient15-dev - mysql database development files
 libmysqlclient15off - mysql database client library
 mysql-client - mysql database client (meta package depending on the latest versi
 mysql-client-5.0 - mysql database client binaries
 mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server - mysql database server (meta package depending on the latest versi
 mysql-server-4.1 - mysql database server (transitional package)
 mysql-server-5.0 - mysql database server binaries
Closes: 414790
Changes:
 mysql-dfsg-5.0 (5.0.32-7etch1) testing-proposed-updates; urgency=high
 .
   * SECURITY:
     CVE-2007-1420: Single Row Subselect DoS. Specially crafted subselect
     queries could crash the mysql server. Patch backported from upstream
     changeset 19685 (46_CVE-2007-1420_subselect_dos.dpatch). Closes: #414790.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iEYEARECAAYFAkX9quIACgkQkR9K5oahGObAZgCgwGHRcs1YXZWlioyT0FPhDNpD
6VkAnjT8oIyl9sxPU6uAP/t5EZFwzSB+
=bCo/
-----END PGP SIGNATURE-----
--- End Message ---