[Pkg-mysql-commits] r1060 - in branches/sid-5.0/debian: . patches

Norbert Tretkowski nobse at alioth.debian.org
Tue Dec 11 17:32:19 UTC 2007 

tags 455737 pending
thanks

Author: nobse
Date: 2007-12-11 17:32:19 +0000 (Tue, 11 Dec 2007)
New Revision: 1060

Added:
   branches/sid-5.0/debian/patches/92_SECURITY_CVE-2007-6304.dpatch
Modified:
   branches/sid-5.0/debian/changelog
   branches/sid-5.0/debian/patches/00list
Log:
Merge 5.0.45-5.

Modified: branches/sid-5.0/debian/changelog
===================================================================
--- branches/sid-5.0/debian/changelog	2007-12-10 14:50:05 UTC (rev 1059)
+++ branches/sid-5.0/debian/changelog	2007-12-11 17:32:19 UTC (rev 1060)
@@ -25,6 +25,15 @@
 
  -- Norbert Tretkowski <nobse at debian.org>  Mon, 10 Dec 2007 13:51:58 +0100
 
+mysql-dfsg-5.0 (5.0.45-5) unstable; urgency=high
+
+  * SECURITY:
+    Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
+    be forced to crash if the remote server returns a result with fewer columns
+    than expected. (closes: #455737)
+
+ -- Norbert Tretkowski <nobse at debian.org>  Tue, 11 Dec 2007 17:50:56 +0100
+
 mysql-dfsg-5.0 (5.0.45-4) unstable; urgency=high
 
   * SECURITY:

Modified: branches/sid-5.0/debian/patches/00list
===================================================================
--- branches/sid-5.0/debian/patches/00list	2007-12-10 14:50:05 UTC (rev 1059)
+++ branches/sid-5.0/debian/patches/00list	2007-12-11 17:32:19 UTC (rev 1060)
@@ -15,3 +15,4 @@
 89_ndb__staticlib.dpatch
 90_upstreamdebiandir.dpatch
 91_SECURITY_CVE-2007-5925.dpatch
+92_SECURITY_CVE-2007-6304.dpatch

Added: branches/sid-5.0/debian/patches/92_SECURITY_CVE-2007-6304.dpatch
===================================================================
--- branches/sid-5.0/debian/patches/92_SECURITY_CVE-2007-6304.dpatch	                        (rev 0)
+++ branches/sid-5.0/debian/patches/92_SECURITY_CVE-2007-6304.dpatch	2007-12-11 17:32:19 UTC (rev 1060)
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 92_SECURITY_CVE-2007-6304.dpatch by  <nobse at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
+## DP: be forced to crash if the remote server returns a result with fewer columns
+## DP: than expected. (closes: #455737)
+
+ at DPATCH@
+diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc
+--- a/sql/ha_federated.cc	2007-07-26 05:22:50 +05:00
++++ b/sql/ha_federated.cc	2007-10-15 10:11:50 +05:00
+@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
+     status_query_string.length(0);
+ 
+     result= mysql_store_result(mysql);
+-    if (!result)
++
++    /*
++      We're going to use fields num. 4, 12 and 13 of the resultset,
++      so make sure we have these fields.
++    */
++    if (!result || (mysql_num_fields(result) < 14))
+       goto error;
+ 
+     if (!mysql_num_rows(result))

More information about the Pkg-mysql-commits mailing list