[Pkg-mysql-commits] r876 - in branches/etch-5.0/debian: . patches

Sean Finney seanius at alioth.debian.org
Thu May 17 17:35:49 UTC 2007


Author: seanius
Date: 2007-05-17 17:35:49 +0000 (Thu, 17 May 2007)
New Revision: 876

Added:
   branches/etch-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
Modified:
   branches/etch-5.0/debian/changelog
   branches/etch-5.0/debian/patches/00list
Log:
2007-2691

Modified: branches/etch-5.0/debian/changelog
===================================================================
--- branches/etch-5.0/debian/changelog	2007-05-17 17:17:38 UTC (rev 875)
+++ branches/etch-5.0/debian/changelog	2007-05-17 17:35:49 UTC (rev 876)
@@ -1,3 +1,10 @@
+mysql-dfsg-5.0 (5.0.32-7etch3) stable-security; urgency=high
+
+  * Upload prepared for the security team by the debian mysql maintainers
+  * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (ref: #424778).
+
+ -- sean finney <seanius at debian.org>  Thu, 17 May 2007 19:31:41 +0200
+
 mysql-dfsg-5.0 (5.0.32-7etch2) testing-proposed-updates; urgency=high
 
   * Fixed segfault on i486 systems without cpuid instruction (thanks to
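Review bot: The new 5.0.32-7etch3 entry names the affected statements ("DROP/RENAME TABLE statements") but not what was wrong or what changed. Someone reading the changelog alone cannot tell that this is a privilege-check fix. Suggest wording along the lines of the dpatch in this same commit, which adds DROP_ACL to the check_grant call on old_list, so the entry states that the DROP privilege is now checked on the source table.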
@@ -74,6 +81,8 @@
 
 mysql-dfsg-5.0 (5.0.32-4) unstable; urgency=high
 
+=======
+>>>>>>> .merge-right.r875
   [Christian Hammers]
   * Changed minimum required version in dh_makeshlibs to 5.0.27-1 as
     5.0.26 had an ABI breakage in it!
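Review bot: The two added lines under the 5.0.32-4 entry, "=======" and ">>>>>>> .merge-right.r875", are leftover merge conflict markers, not changelog content, and should be removed before this goes to the security team. No matching "<<<<<<<" line is visible in this hunk, so the conflict looks only partly cleaned up. It is worth re-checking the rest of the file against r875 for other residue. debian/changelog is machine-parsed, and stray lines between an entry header and its first change line may not parse cleanly.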

Modified: branches/etch-5.0/debian/patches/00list
===================================================================
--- branches/etch-5.0/debian/patches/00list	2007-05-17 17:17:38 UTC (rev 875)
+++ branches/etch-5.0/debian/patches/00list	2007-05-17 17:35:49 UTC (rev 876)
@@ -19,3 +19,4 @@
 88_mctype_attrib.dpatch
 89_ndb__staticlib.dpatch
 90_tmp__limit_comma_bug.dpatch
+91_SECURITY_CVE-2007-2691_alter-drop.dpatch

Added: branches/etch-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	                        (rev 0)
+++ branches/etch-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-05-17 17:35:49 UTC (rev 876)
@@ -0,0 +1,15 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# taken from http://lists.mysql.com/commits/24642?f=plain
+
+ at DPATCH@
+--- 1.496/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
++++ 1.497/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
+@@ -2818,7 +2818,7 @@ unsent_create_error:
+ 	old_list=table[0];
+ 	new_list=table->next[0];
+ 	old_list.next=new_list.next=0;
+-	if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
++	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
+ 	    (!test_all_bits(table->next->grant.privilege,
+ 			    INSERT_ACL | CREATE_ACL) &&
+ 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,
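Review bot: The dpatch header (the comment lines before the DPATCH marker) gives only the upstream URL and no description of the fix. Add a "## DP:" line stating that the check_grant call on old_list now requires ALTER_ACL | DROP_ACL instead of ALTER_ACL alone, so the patch is self-describing without following the link. The change also comes with no test. A case where an account holding ALTER but not DROP on the source table is refused would guard this one-token change against regression in later merges.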



