Hello On 2005-03-20 sean finney wrote: > On Fri, Mar 18, 2005 at 04:33:52PM +0100, Martin Schulze wrote: > > sean finney wrote: > > > On Fri, Mar 11, 2005 at 09:39:10AM +0100, Christian Hammers wrote: > > > > Wasn't it the one where a privilege granted to "table_name" also > > > > grants rights on "tableXname", "tableYname" as '_' was considered as > > > > something like a dot in a RegEx? This should be fairly easy to test. > > > > > > i knew it had something to do with underscores, but wasn't completely > > > sure. i'll try this on the patched and unpatched version tonight. > > > > Any results? > > sorry, took off for vac before testing this, and won't have time for > another week. Sean, I tried to apply your patch yesterday evening but it did not compile against the last released 3.23.49-x.9 - can you check if you send me the complete patch?
> in the meantime, i think christian is looking into whether > or not the latest mysql vulnerabilities also affect woody, in which case > it might make sense to just wait and roll them all together since this > one isn't all that severe and has been open for so long anyways. I alreay opened a bug report for this with patch attached. Woody is vulnerable but the patches were easily backportable. (See also www.lathspell.de/linux/debian/mysql/woody/) bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
