Hello
A friendly reader of the Debian mailing lists backported the latest
security patch for the mysql version that is in Debian's last release.
I post this in case that
a) any other people rather like to patch their existing servers than
upgrade to a new major release
b) anybody finds a problem with this patch
thanks,
-christian-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
Dans un message du 21 Jan à 13:28, Christian Hammers écrivait :
> Are these changes ok for a severity=high fix? Or is there a C/C++ coder out
> there who would backport the patch?
I've backported the fix.
diff -uNr mysql-3.22.32.old/sql/sql_base.cc mysql-3.22.32/sql/sql_base.cc
--- mysql-3.22.32.old/sql/sql_base.cc Fri Jan 19 22:38:00 2001
+++ mysql-3.22.32/sql/sql_base.cc Fri Jan 19 22:40:02 2001
@@ -1093,7 +1093,7 @@
char buff[NAME_LEN*2+1];
if (db)
{
- strxmov(buff,db,".",table_name,NullS);
+ strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS);
table_name=buff;
}
my_printf_error(ER_UNKNOWN_TABLE,ER(ER_UNKNOWN_TABLE),MYF(0),table_name,
--
Guillaume Morin <[EMAIL PROTECTED]>
Homepage : http://gemorin.free.fr
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
