reassign 285276 mysql-dfsg reassign 296674 mysql-dfsg merge 285276 296674 thanks
Hello Jefferson On 2005-02-23 Jefferson Cowart wrote: > See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 for more > information. Based on that writeup any version of MySQL prior to 3.23.58 > is vulnerable. This bug was already existing with subject: "#285276: mysql: vulnerability issue (CAN-2004-0956 and CAN-2004-0957)" I merged the two. The problem with this bug is that it requires either a bigger version change (3.23.49 to 3.23.58) or a very big patch for just this issue (which is hard to produce or do you have one that changes nothing except the security hole?). Both was not liked very much and the security implication is realy realy low (correct me if I'm wrong). At the time of the bug disclosed I thought the Sarge release was just some weeks away and would introduce a fixed 4.0 version with the new "stable" version. Sadly Debian Sarge is still late with no release in sight. bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
