[Pkg-mysql-commits] r878 - in branches/sid-5.0/debian: . patches

Sean Finney seanius at alioth.debian.org
Thu May 17 17:57:37 UTC 2007 

tags 424778 pending
thanks

Author: seanius
Date: 2007-05-17 17:57:37 +0000 (Thu, 17 May 2007)
New Revision: 878

Added:
   branches/sid-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
Modified:
   branches/sid-5.0/debian/changelog
   branches/sid-5.0/debian/patches/00list
Log:
CVE-2007-2691

Modified: branches/sid-5.0/debian/changelog
===================================================================
--- branches/sid-5.0/debian/changelog	2007-05-17 17:53:56 UTC (rev 877)
+++ branches/sid-5.0/debian/changelog	2007-05-17 17:57:37 UTC (rev 878)
@@ -1,8 +1,9 @@
 mysql-dfsg-5.0 (5.0.41-3) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
+  * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (closes: #424778).
 
- -- sean finney <seanius at debian.org>  Sun, 13 May 2007 12:44:38 +0200
+ -- sean finney <seanius at debian.org>  Thu, 17 May 2007 19:56:38 +0200
 
 mysql-dfsg-5.0 (5.0.41-2) unstable; urgency=low
 
@@ -180,6 +181,8 @@
 
 mysql-dfsg-5.0 (5.0.32-4) unstable; urgency=high
 
+=======
+>>>>>>> .merge-right.r875
   [Christian Hammers]
   * Changed minimum required version in dh_makeshlibs to 5.0.27-1 as
     5.0.26 had an ABI breakage in it!

Modified: branches/sid-5.0/debian/patches/00list
===================================================================
--- branches/sid-5.0/debian/patches/00list	2007-05-17 17:53:56 UTC (rev 877)
+++ branches/sid-5.0/debian/patches/00list	2007-05-17 17:57:37 UTC (rev 878)
@@ -13,3 +13,4 @@
 86_PATH_MAX.dpatch
 88_mctype_attrib.dpatch
 89_ndb__staticlib.dpatch
+91_SECURITY_CVE-2007-2691_alter-drop.dpatch

Copied: branches/sid-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch (from rev 877, branches/etch-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch)
===================================================================
--- branches/sid-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	                        (rev 0)
+++ branches/sid-5.0/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-05-17 17:57:37 UTC (rev 878)
@@ -0,0 +1,15 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# taken from http://lists.mysql.com/commits/24642?f=plain
+
+ at DPATCH@
+--- 1.496/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
++++ 1.497/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
+@@ -3161,7 +3161,7 @@ unsent_create_error:
+	*/
+ 	old_list= table[0];
+ 	new_list= table->next_local[0];
+-	if (check_grant(thd, ALTER_ACL, &old_list, 0, 1, 0) ||
++	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, 1, 0) ||
+ 	    (!test_all_bits(table->next_local->grant.privilege,
+ 			    INSERT_ACL | CREATE_ACL) &&
+ 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0)))

More information about the Pkg-mysql-commits mailing list