[Pkg-mysql-commits] r881 - in branches/etch-5.0/debian: . patches
Sean Finney
seanius at alioth.debian.org
Mon May 28 17:35:05 UTC 2007
Author: seanius
Date: 2007-05-28 17:35:05 +0000 (Mon, 28 May 2007)
New Revision: 881
Added:
branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
Modified:
branches/etch-5.0/debian/changelog
branches/etch-5.0/debian/patches/00list
Log:
CVE-2007-2583
Modified: branches/etch-5.0/debian/changelog
===================================================================
--- branches/etch-5.0/debian/changelog 2007-05-28 17:16:23 UTC (rev 880)
+++ branches/etch-5.0/debian/changelog 2007-05-28 17:35:05 UTC (rev 881)
@@ -3,8 +3,9 @@
* Upload prepared for the security team by the debian mysql maintainers
* Fix for CVE-2007-2691: DROP/RENAME TABLE statements (ref: #424778).
* Fix for CVE-2007-2692: THD::db_access privileges (ref: #424830).
+ * Fix for CVE-2007-2583: null dereference in item_cmpfunc.cc
- -- sean finney <seanius at debian.org> Thu, 17 May 2007 19:31:41 +0200
+ -- sean finney <seanius at debian.org> Mon, 28 May 2007 19:34:34 +0200
mysql-dfsg-5.0 (5.0.32-7etch2) testing-proposed-updates; urgency=high
Modified: branches/etch-5.0/debian/patches/00list
===================================================================
--- branches/etch-5.0/debian/patches/00list 2007-05-28 17:16:23 UTC (rev 880)
+++ branches/etch-5.0/debian/patches/00list 2007-05-28 17:35:05 UTC (rev 881)
@@ -19,5 +19,6 @@
88_mctype_attrib.dpatch
89_ndb__staticlib.dpatch
90_tmp__limit_comma_bug.dpatch
+90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
91_SECURITY_CVE-2007-2691_alter-drop.dpatch
92_SECURITY_CVE-2007-2691_thd_privs.dpatch
Added: branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch (rev 0)
+++ branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch 2007-05-28 17:35:05 UTC (rev 881)
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch by <seanius at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad mysql-5.0-etch~/sql/item_cmpfunc.cc mysql-5.0-etch/sql/item_cmpfunc.cc
+--- mysql-5.0-etch~/sql/item_cmpfunc.cc 2006-12-20 12:14:48.000000000 +0100
++++ mysql-5.0-etch/sql/item_cmpfunc.cc 2007-05-28 19:32:51.000000000 +0200
+@@ -2168,7 +2168,7 @@
+ dec->len= DECIMAL_BUFF_LENGTH;
+ dec->fix_buffer_pointer();
+ my_decimal *res= item->val_decimal(dec);
+- if (res != dec)
++ if (!item->null_value && res != dec)
+ my_decimal2decimal(res, dec);
+ }
+
Property changes on: branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
___________________________________________________________________
Name: svn:executable
+ *
More information about the Pkg-mysql-commits
mailing list