[Pkg-mysql-commits] r875 - in branches/sarge-4.1/debian: . patches

Thu May 17 17:17:38 UTC 2007

tags 424830 pending
thanks

Author: seanius
Date: 2007-05-17 17:17:38 +0000 (Thu, 17 May 2007)
New Revision: 875

Added:
   branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
Modified:
   branches/sarge-4.1/debian/changelog
   branches/sarge-4.1/debian/patches/00list
Log:
2007-2691

Modified: branches/sarge-4.1/debian/changelog
===================================================================

--- branches/sarge-4.1/debian/changelog	2007-05-13 10:45:24 UTC (rev 874)
+++ branches/sarge-4.1/debian/changelog	2007-05-17 17:17:38 UTC (rev 875)
@@ -1,55 +1,10 @@
-mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
+mysql-dfsg-4.1 (4.1.11a-4sarge4) oldstable-security; urgency=low
 
-  * SECURITY:
-    MySQL when run on case-sensitive filesystems, allows remote
-    authenticated users to create or access a database when the
-    database name differs only in case from a database for which
-    they have permissions. (CVE-2006-4226). Closes: #384798
+  * Upload prepared for the security team by the debian mysql maintainers
+  * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (closes: #424830).
 
- -- Christian Hammers <ch at debian.org>  Sat, 26 Aug 2006 13:42:02 +0000
+ -- sean finney <seanius at debian.org>  Thu, 17 May 2007 19:13:14 +0200
 
-mysql-dfsg-4.1 (4.1.11a-4sarge6) stable; urgency=low
-
-  * Certain SQL queries could crash the server and prevent master-slave
-    replication from continue until manual intervention was taken.
-    Closes: #383165
-
- -- Christian Hammers <ch at debian.org>  Fri, 25 Aug 2006 21:15:35 +0000
-
-mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low
-
-  * Security upload prepared for the security team by the Debian MySQL
-    package maintainers.
-  * Fixed DoS bug where any user could crash the server with
-    "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
-    The vulnerability was discovered by Kanatoko <anvil at jumperz.net>.
-    Closes: #373913
-  * Fixed DoS bug where any user could crash the server with
-    "SELECT date_format('%d%s', 1); (CVE-2006-3469).
-    The vulnerability was discovered by Maillefer Jean-David
-    <jean-david at kesako.ch> and filed as MySQL bug #20729.
-    Closes: #375694
-
- -- Christian Hammers <ch at debian.org>  Fri, 16 Jun 2006 09:52:12 +0000
-
-mysql-dfsg-4.1 (4.1.11a-4sarge4) stable-security; urgency=low
-
-  * Security upload prepared for the security team bythe Debian MySQL
-    package maintainers.
-  * Extracted upstream patch from the diff of 4.1.19 and 4.1.20 to fix
-    the following bug:
-    "An SQL-injection security hole has been found in
-     multibyte encoding processing. The bug was in the server,
-     incorrectly parsing the string escaped with mysql_real_escape().
-
-     This vulnerability was discovered and reported by Josh Berkus
-     <josh at postgresql.org> and Tom Lane <tgl at sss.pgh.pa.us> as part of
-     the inter-project security collaboration of the OSDB consortium."
-    (CVE-2006-2753)
-    Closes: #369735
-
- -- Christian Hammers <ch at debian.org>  Wed, 31 May 2006 22:42:57 +0000
-
 mysql-dfsg-4.1 (4.1.11a-4sarge3) stable-security; urgency=low
 
   * Security upload prepared for the security team by the debian mysql

Modified: branches/sarge-4.1/debian/patches/00list
===================================================================
--- branches/sarge-4.1/debian/patches/00list	2007-05-13 10:45:24 UTC (rev 874)
+++ branches/sarge-4.1/debian/patches/00list	2007-05-17 17:17:38 UTC (rev 875)
@@ -18,8 +18,4 @@
 61_SECURITY_CAN-2005-2558.dpatch
 62_SECURITY_CVE-2006-0903.dpatch
 63_SECURITY_CVE-2006-1516-1518.dpatch
-64_SECURITY_CVE-2006-2753.dpatch
-65_SECURITY_CVE-2006-3081.dpatch
-66_SECURITY_CVE-2006-3469.dpatch
-67_SECURITY_CVE-2006-4226.dpatch
-70_replication_fix.dpatch
+64_SECURITY_CVE-2007-2691_alter-drop.dpatch

Added: branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch	                        (rev 0)
+++ branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-05-17 17:17:38 UTC (rev 875)
@@ -0,0 +1,15 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# taken from http://lists.mysql.com/commits/24642?f=plain
+
+ at DPATCH@
+--- 1.496/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
++++ 1.497/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
+@@ -2818,7 +2818,7 @@ unsent_create_error:
+ 	old_list=table[0];
+ 	new_list=table->next[0];
+ 	old_list.next=new_list.next=0;
+-	if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
++	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
+ 	    (!test_all_bits(table->next->grant.privilege,
+ 			    INSERT_ACL | CREATE_ACL) &&
+ 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,


