Package: mysql-server Version: 3.23.49-8.9 Severity: grave Tags: security woody Justification: user security hole
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 for more information. Based on that writeup any version of MySQL prior to 3.23.58 is vulnerable. I have checked through the MySQL changelogs for stable and I don't see this problem fixed there. If it is already fixed sorry about the duplicate bug. (See also http://www.us-cert.gov/cas/bulletins/SB05-054.html#mysql) -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux P450 2.4.18-1-686 #1 Wed Apr 14 18:20:10 UTC 2004 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages mysql-server depends on: ii adduser 3.47 Add and remove users and groups ii debconf 1.2.35 Debian configuration management sy ii libc6 2.2.5-11.8 GNU C Library: Shared libraries an ii libdbi-perl 1.21-2woody2 The Perl5 Database Interface by Ti ii libmysqlclient10 3.23.49-8.9 mysql database client library ii libstdc++2.10-glibc2.2 1:2.95.4-11woody1 The GNU stdc++ library ii libwrap0 7.6-9 Wietse Venema's TCP wrappers libra ii mysql-client 3.23.49-8.9 mysql database client binaries ii perl 5.6.1-8.8 Larry Wall's Practical Extraction ii psmisc 20.2-2.1 Utilities that use the proc filesy ii zlib1g 1:1.1.4-1.0woody0 compression library - runtime -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
