[Pkg-mysql-commits] r970 - in branches/sarge-4.1/debian: . patches
Christian Hammers
ch at alioth.debian.org
Tue Nov 6 22:42:36 UTC 2007
tags 424778 pending
thanks
Author: ch
Date: 2007-11-06 22:42:36 +0000 (Tue, 06 Nov 2007)
New Revision: 970
Added:
branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch
Modified:
branches/sarge-4.1/debian/changelog
branches/sarge-4.1/debian/patches/00list
Log:
preparing new security upload
Modified: branches/sarge-4.1/debian/changelog
===================================================================
--- branches/sarge-4.1/debian/changelog 2007-11-06 21:09:15 UTC (rev 969)
+++ branches/sarge-4.1/debian/changelog 2007-11-06 22:42:36 UTC (rev 970)
@@ -1,3 +1,16 @@
+mysql-dfsg-4.1 (4.1.11a-4sarge8) stable-security; urgency=high
+
+ * Security release prepared for the security team by the Debian MySQL
+ maintainers. Some patches were taken from the Ubuntu project.
+ * CVE-2007-2691: Fixes the problem that MySQL did not require the DROP
+ privilege for RENAME TABLE statements, which allows remote authenticated
+ users to rename arbitrary tables. Closes: #424778
+ * CVE-2007-3780: It was discovered that MySQL could be made to overflow
+ a signed char during authentication. Remote attackers could use
+ crafted authentication requests to cause a denial of service.
+
+ -- Christian Hammers <ch at debian.org> Tue, 06 Nov 2007 02:45:28 +0100
+
mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
* SECURITY:
Modified: branches/sarge-4.1/debian/patches/00list
===================================================================
--- branches/sarge-4.1/debian/patches/00list 2007-11-06 21:09:15 UTC (rev 969)
+++ branches/sarge-4.1/debian/patches/00list 2007-11-06 22:42:36 UTC (rev 970)
@@ -23,3 +23,5 @@
66_SECURITY_CVE-2006-3469.dpatch
67_SECURITY_CVE-2006-4226.dpatch
68_SECURITY_CVE-2006-4380.dpatch
+91_SECURITY_CVE-2007-3780.dpatch
+91_SECURITY_CVE-2007-2691_alter-drop.dpatch
Added: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch (rev 0)
+++ branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch 2007-11-06 22:42:36 UTC (rev 970)
@@ -0,0 +1,15 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# DP: based on http://lists.mysql.com/commits/24642?f=plain
+
+ at DPATCH@
+--- old/sql/sql_parse.cc.origch 2007-11-06 23:06:00.000000000 +0100
++++ old/sql/sql_parse.cc 2007-11-06 23:07:11.000000000 +0100
+@@ -2622,7 +2622,7 @@
+ old_list=table[0];
+ new_list=table->next[0];
+ old_list.next=new_list.next=0;
+- if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
++ if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
+ (!test_all_bits(table->next->grant.privilege,
+ INSERT_ACL | CREATE_ACL) &&
+ check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,
Property changes on: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-2691_alter-drop.dpatch
___________________________________________________________________
Name: svn:executable
+ *
Added: branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch (rev 0)
+++ branches/sarge-4.1/debian/patches/91_SECURITY_CVE-2007-3780.dpatch 2007-11-06 22:42:36 UTC (rev 970)
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 91_CVE-2007-3780.dpatch by Jamie Strandboge <jamie at ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-3780
+
+ at DPATCH@
+
+diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc
+--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc 2007-10-02 10:27:41.000000000 -0400
++++ mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc 2007-10-02 10:30:39.000000000 -0400
+@@ -1008,7 +1008,7 @@
+ password both send '\0'.
+ */
+ uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
+- *passwd++ : strlen(passwd);
++ (uchar) (*passwd++) : strlen(passwd);
+ db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
+ db + passwd_len + 1 : 0;
+ uint db_len= db ? strlen(db) : 0;
More information about the Pkg-mysql-commits
mailing list