[Pkg-mysql-commits] r970 - in branches/sarge-4.1/debian: . patches

Christian Hammers ch at alioth.debian.org
Tue Nov 6 22:42:36 UTC 2007 

tags 424778 pending
thanks

Author: ch
Date: 2007-11-06 22:42:36 +0000 (Tue, 06 Nov 2007)
New Revision: 970

Added:
   branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
   branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch
Modified:
   branches/sarge-4.1/debian/changelog
   branches/sarge-4.1/debian/patches/00list
Log:
preparing new security upload


Modified: branches/sarge-4.1/debian/changelog
===================================================================
--- branches/sarge-4.1/debian/changelog	2007-11-06 21:09:15 UTC (rev 969)
+++ branches/sarge-4.1/debian/changelog	2007-11-06 22:42:36 UTC (rev 970)
@@ -1,3 +1,16 @@
+mysql-dfsg-4.1 (4.1.11a-4sarge8) stable-security; urgency=high
+
+  * Security release prepared for the security team by the Debian MySQL
+    maintainers. Some patches were taken from the Ubuntu project.
+  * CVE-2007-2691: Fixes the problem that MySQL did not require the DROP
+    privilege for RENAME TABLE statements, which allows remote authenticated
+    users to rename arbitrary tables. Closes: #424778
+  * CVE-2007-3780: It was discovered that MySQL could be made to overflow
+    a signed char during authentication. Remote attackers could use 
+    crafted authentication requests to cause a denial of service.
+
+ -- Christian Hammers <ch at debian.org>  Tue, 06 Nov 2007 02:45:28 +0100
+
 mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
 
   * SECURITY:

Modified: branches/sarge-4.1/debian/patches/00list
===================================================================
--- branches/sarge-4.1/debian/patches/00list	2007-11-06 21:09:15 UTC (rev 969)
+++ branches/sarge-4.1/debian/patches/00list	2007-11-06 22:42:36 UTC (rev 970)
@@ -23,3 +23,5 @@
 66_SECURITY_CVE-2006-3469.dpatch
 67_SECURITY_CVE-2006-4226.dpatch
 68_SECURITY_CVE-2006-4380.dpatch
+91_SECURITY_CVE-2007-3780.dpatch
+91_SECURITY_CVE-2007-2691_alter-drop.dpatch

Added: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	                        (rev 0)
+++ branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-11-06 22:42:36 UTC (rev 970)
@@ -0,0 +1,15 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# DP: based on http://lists.mysql.com/commits/24642?f=plain
+
+ at DPATCH@
+--- old/sql/sql_parse.cc.origch	2007-11-06 23:06:00.000000000 +0100
++++ old/sql/sql_parse.cc	2007-11-06 23:07:11.000000000 +0100
+@@ -2622,7 +2622,7 @@
+ 	old_list=table[0];
+ 	new_list=table->next[0];
+ 	old_list.next=new_list.next=0;
+-	if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
++	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
+ 	    (!test_all_bits(table->next->grant.privilege,
+ 			    INSERT_ACL | CREATE_ACL) &&
+ 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,


Property changes on: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
___________________________________________________________________
Name: svn:executable
   + *

Added: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch	                        (rev 0)
+++ branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch	2007-11-06 22:42:36 UTC (rev 970)
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 91_CVE-2007-3780.dpatch by Jamie Strandboge <jamie at ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-3780
+
+ at DPATCH@
+
+diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc
+--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc	2007-10-02 10:27:41.000000000 -0400
++++ mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc	2007-10-02 10:30:39.000000000 -0400
+@@ -1008,7 +1008,7 @@
+     password both send '\0'.
+   */
+   uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
+-    *passwd++ : strlen(passwd);
++    (uchar) (*passwd++) : strlen(passwd);
+   db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
+     db + passwd_len + 1 : 0;
+   uint db_len= db ? strlen(db) : 0;

More information about the Pkg-mysql-commits mailing list