[Pkg-mysql-commits] r881 - in branches/etch-5.0/debian: . patches

Sean Finney seanius at alioth.debian.org
Mon May 28 17:35:05 UTC 2007 

Author: seanius
Date: 2007-05-28 17:35:05 +0000 (Mon, 28 May 2007)
New Revision: 881

Added:
   branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
Modified:
   branches/etch-5.0/debian/changelog
   branches/etch-5.0/debian/patches/00list
Log:
CVE-2007-2583

Modified: branches/etch-5.0/debian/changelog
===================================================================
--- branches/etch-5.0/debian/changelog	2007-05-28 17:16:23 UTC (rev 880)
+++ branches/etch-5.0/debian/changelog	2007-05-28 17:35:05 UTC (rev 881)
@@ -3,8 +3,9 @@
   * Upload prepared for the security team by the debian mysql maintainers
   * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (ref: #424778).
   * Fix for CVE-2007-2692: THD::db_access privileges (ref: #424830).
+  * Fix for CVE-2007-2583: null dereference in item_cmpfunc.cc
 
- -- sean finney <seanius at debian.org>  Thu, 17 May 2007 19:31:41 +0200
+ -- sean finney <seanius at debian.org>  Mon, 28 May 2007 19:34:34 +0200
 
 mysql-dfsg-5.0 (5.0.32-7etch2) testing-proposed-updates; urgency=high
 

Modified: branches/etch-5.0/debian/patches/00list
===================================================================
--- branches/etch-5.0/debian/patches/00list	2007-05-28 17:16:23 UTC (rev 880)
+++ branches/etch-5.0/debian/patches/00list	2007-05-28 17:35:05 UTC (rev 881)
@@ -19,5 +19,6 @@
 88_mctype_attrib.dpatch
 89_ndb__staticlib.dpatch
 90_tmp__limit_comma_bug.dpatch
+90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
 91_SECURITY_CVE-2007-2691_alter-drop.dpatch
 92_SECURITY_CVE-2007-2691_thd_privs.dpatch

Added: branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch	                        (rev 0)
+++ branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch	2007-05-28 17:35:05 UTC (rev 881)
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch by  <seanius at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad mysql-5.0-etch~/sql/item_cmpfunc.cc mysql-5.0-etch/sql/item_cmpfunc.cc
+--- mysql-5.0-etch~/sql/item_cmpfunc.cc	2006-12-20 12:14:48.000000000 +0100
++++ mysql-5.0-etch/sql/item_cmpfunc.cc	2007-05-28 19:32:51.000000000 +0200
+@@ -2168,7 +2168,7 @@
+   dec->len= DECIMAL_BUFF_LENGTH;
+   dec->fix_buffer_pointer();
+   my_decimal *res= item->val_decimal(dec);
+-  if (res != dec)
++  if (!item->null_value && res != dec)
+     my_decimal2decimal(res, dec);
+ }
+ 


Property changes on: branches/etch-5.0/debian/patches/90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
___________________________________________________________________
Name: svn:executable
   + *

More information about the Pkg-mysql-commits mailing list