[Pkg-mysql-commits] r965 - in branches/etch-5.0/debian: . patches
Christian Hammers
ch at alioth.debian.org
Sat Oct 20 15:16:59 UTC 2007
Author: ch
Date: 2007-10-20 15:16:58 +0000 (Sat, 20 Oct 2007)
New Revision: 965
Added:
branches/etch-5.0/debian/patches/91_CVE-2007-3780.dpatch
branches/etch-5.0/debian/patches/91_CVE-2007-3782.dpatch
Modified:
branches/etch-5.0/debian/changelog
branches/etch-5.0/debian/patches/00list
Log:
preparing new release
Modified: branches/etch-5.0/debian/changelog
===================================================================
--- branches/etch-5.0/debian/changelog 2007-10-14 20:48:49 UTC (rev 964)
+++ branches/etch-5.0/debian/changelog 2007-10-20 15:16:58 UTC (rev 965)
@@ -1,3 +1,17 @@
+mysql-dfsg-5.0 (5.0.32-7etch4) stable-security; urgency=high
+
+ * Security release prepared for the security team by the Debian MySQL
+ maintainers. The patches were taken from the Ubuntu project.
+ * It was discovered that MySQL could be made to overflow a signed char
+ during authentication. Remote attackers could use crafted authentication
+ requests to cause a denial of service. (CVE-2007-3780)
+ * Phil Anderton discovered that MySQL did not properly verify access
+ privileges when accessing external tables. As a result, authenticated
+ users could exploit this to obtain UPDATE privileges to external
+ tables. (CVE-2007-3782)
+
+ -- Christian Hammers <ch at debian.org> Sat, 20 Oct 2007 16:39:32 +0200
+
mysql-dfsg-5.0 (5.0.32-7etch3) stable-security; urgency=high
* Upload prepared for the security team by the debian mysql maintainers
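Review bot: the CVE-2007-3782 bullet describes the flaw as affecting "external tables", while the fix in 91_CVE-2007-3782.dpatch keys on table_list->view and its comment talks about views. Reword the bullet to say views, or explain the term, so administrators can tell whether they are exposed. The entry should also record that the mysql-test parts of that patch were dropped, as the dpatch header notes, since that deviates from the Ubuntu patch the entry says it was taken from.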
Modified: branches/etch-5.0/debian/patches/00list
===================================================================
--- branches/etch-5.0/debian/patches/00list 2007-10-14 20:48:49 UTC (rev 964)
+++ branches/etch-5.0/debian/patches/00list 2007-10-20 15:16:58 UTC (rev 965)
@@ -21,4 +21,6 @@
90_tmp__limit_comma_bug.dpatch
90_SECURITY_CVE-2007-2583_item_cmpfunc.dpatch
91_SECURITY_CVE-2007-2691_alter-drop.dpatch
+91_CVE-2007-3780.dpatch
+91_CVE-2007-3782.dpatch
92_SECURITY_CVE-2007-2691_thd_privs.dpatch
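Review bot: style point on the two added entries: the neighbouring security patches in this list are named NN_SECURITY_CVE-..._description (for example 91_SECURITY_CVE-2007-2691_alter-drop.dpatch), but the new files are 91_CVE-2007-3780.dpatch and 91_CVE-2007-3782.dpatch, with neither the SECURITY tag nor a short description. Renaming them to match would keep security fixes greppable in 00list and show at a glance what each one touches.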
Added: branches/etch-5.0/debian/patches/91_CVE-2007-3780.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/91_CVE-2007-3780.dpatch (rev 0)
+++ branches/etch-5.0/debian/patches/91_CVE-2007-3780.dpatch 2007-10-20 15:16:58 UTC (rev 965)
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 91_CVE-2007-3780.dpatch by Jamie Strandboge <jamie at ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-3780
+
+ at DPATCH@
+
+diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc
+--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_parse.cc 2007-10-02 10:27:41.000000000 -0400
++++ mysql-dfsg-5.0-5.0.38/sql/sql_parse.cc 2007-10-02 10:30:39.000000000 -0400
+@@ -1008,7 +1008,7 @@
+ password both send '\0'.
+ */
+ uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
+- *passwd++ : strlen(passwd);
++ (uchar) (*passwd++) : strlen(passwd);
+ db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
+ db + passwd_len + 1 : 0;
+ uint db_len= db ? strlen(db) : 0;
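Review bot: the (uchar) cast on *passwd++ stops a length byte of 0x80 or above from being sign-extended into a very large uint, but passwd_len is still a client-supplied value of up to 255 and is used immediately in db + passwd_len + 1 and then strlen(db). Nothing in this hunk shows a check that the result stays inside the received packet, so please confirm such a check exists in the 5.0.32 source around this code. Also, the inner diff was generated against mysql-dfsg-5.0-5.0.38 while this upload is 5.0.32-7etch4, so verify that it applies at line 1008 without fuzz or offset.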
Added: branches/etch-5.0/debian/patches/91_CVE-2007-3782.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/91_CVE-2007-3782.dpatch (rev 0)
+++ branches/etch-5.0/debian/patches/91_CVE-2007-3782.dpatch 2007-10-20 15:16:58 UTC (rev 965)
@@ -0,0 +1,39 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 91_CVE-2007-3782.dpatch by Jamie Strandboge <jamie at ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-3782
+## DP: (patches to mysql-test/ removed as they didn't apply cleanly --ch)
+
+ at DPATCH@
+
+diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_prepare.cc mysql-dfsg-5.0-5.0.38/sql/sql_prepare.cc
+--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_prepare.cc 2007-03-20 15:12:48.000000000 -0400
++++ mysql-dfsg-5.0-5.0.38/sql/sql_prepare.cc 2007-10-02 11:02:20.000000000 -0400
+@@ -1164,8 +1164,9 @@
+ goto error;
+
+ #ifndef NO_EMBEDDED_ACCESS_CHECKS
+- /* TABLE_LIST contain right privilages request */
+- want_privilege= table_list->grant.want_privilege;
++ /* Force privilege re-checking for views after they are being opened. */
++ want_privilege= (table_list->view ? UPDATE_ACL :
++ table_list->grant.want_privilege);
+ #endif
+
+ if (mysql_prepare_update(thd, table_list, &select->where,
+diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_update.cc mysql-dfsg-5.0-5.0.38/sql/sql_update.cc
+--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_update.cc 2007-03-20 15:12:18.000000000 -0400
++++ mysql-dfsg-5.0-5.0.38/sql/sql_update.cc 2007-10-02 11:02:20.000000000 -0400
+@@ -173,8 +173,9 @@
+ table->quick_keys.clear_all();
+
+ #ifndef NO_EMBEDDED_ACCESS_CHECKS
+- /* TABLE_LIST contain right privilages request */
+- want_privilege= table_list->grant.want_privilege;
++ /* Force privilege re-checking for views after they are being opened. */
++ want_privilege= (table_list->view ? UPDATE_ACL :
++ table_list->grant.want_privilege);
+ #endif
+ if (mysql_prepare_update(thd, table_list, &conds, order_num, order))
+ DBUG_RETURN(1);
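Review bot: the DP header says the mysql-test/ parts were removed because they did not apply cleanly, so this privilege fix ships with no regression test; please port the test to 5.0.32 or state how the fix was verified on this version. The same three-line want_privilege assignment is pasted into both sql_prepare.cc and sql_update.cc, which makes it easy for the two copies to drift apart. It also forces UPDATE_ACL only when table_list->view is set, so the non-view path still trusts table_list->grant.want_privilege; a sentence in the comment saying why that is safe would help. Minor: the new comment would read better as "after they have been opened".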