Hello MysQL Debian was notified about http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446 and we would like to backport the fix to our already release 5.0.51 package.
Can you confirm that the below snipped is a proper fix? It comments out the two commands COM_CREATE_DB and COM_DROP_DB like I saw it in the 5.1 branch. Sadly the sql_parse.cc file is too big to be viewed using bezaar (gives timeouts) and I cannot find the original commit or a bug in bugs.mysql.com which would give me some hints if other changes were necessary. http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/annotate/head%3A/sql/sql_parse.cc thanks for you help, -christian- --- old/sql/sql_parse.cc 2009-07-16 22:43:36.000000000 +0200 +++ new/sql/sql_parse.cc 2009-07-16 22:43:59.000000000 +0200 @@ -1920,6 +1920,7 @@ error=TRUE; // End server break; +#ifdef REMOVED case COM_CREATE_DB: // QQ: To be removed { char *db=thd->strdup(packet), *alias; @@ -1964,6 +1965,7 @@ mysql_rm_db(thd, db, 0, 0); break; } +#endif #ifndef EMBEDDED_LIBRARY case COM_BINLOG_DUMP: { --- old/tests/mysql_client_test.c 2008-01-11 15:43:14.000000000 +0100 +++ new/tests/mysql_client_test.c 2009-07-21 00:08:55.000000000 +0200 @@ -12017,7 +12017,7 @@ { int rc; myheader("test_bug6081"); - +/* Those commands were disabled because of CVE-2009-2446. rc= simple_command(mysql, COM_DROP_DB, current_db, (ulong)strlen(current_db), 0); myquery(rc); @@ -12032,6 +12032,7 @@ myquery_r(rc); rc= mysql_select_db(mysql, current_db); myquery(rc); +*/ } -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
