Hello A friendly reader of the Debian mailing lists backported the latest security patch for the mysql version that is in Debian's last release. I post this in case that a) any other people rather like to patch their existing servers than upgrade to a new major release b) anybody finds a problem with this patch thanks, -christian- -- Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for Professionals Fax 0241/911879 WESTEND ist CISCO Systems Partner - Premium Certified
Dans un message du 21 Jan à 13:28, Christian Hammers écrivait : > Are these changes ok for a severity=high fix? Or is there a C/C++ coder out > there who would backport the patch? I've backported the fix. diff -uNr mysql-3.22.32.old/sql/sql_base.cc mysql-3.22.32/sql/sql_base.cc --- mysql-3.22.32.old/sql/sql_base.cc Fri Jan 19 22:38:00 2001 +++ mysql-3.22.32/sql/sql_base.cc Fri Jan 19 22:40:02 2001 @@ -1093,7 +1093,7 @@ char buff[NAME_LEN*2+1]; if (db) { - strxmov(buff,db,".",table_name,NullS); + strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS); table_name=buff; } my_printf_error(ER_UNKNOWN_TABLE,ER(ER_UNKNOWN_TABLE),MYF(0),table_name, -- Guillaume Morin <[EMAIL PROTECTED]> Homepage : http://gemorin.free.fr
--------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php