Your message dated Mon, 03 Dec 2007 16:02:21 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#451235: fixed in mysql-dfsg-5.0 5.0.45-1+lenny1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mysql-dfsg-5.0
Version: 5.0.32-7etch1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.
CVE-2007-5925[0]:
| The convert_search_mode_to_innobase function in ha_innodb.cc in the
| InnoDB engine in MySQL 5.1.23-BK and earlier allows remote
| authenticated users to cause a denial of service (database crash) via
| a certain CONTAINS operation on an indexed column, which triggers an
| assertion error.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpZaf584PdO5.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-5.0
Source-Version: 5.0.45-1+lenny1
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:
libmysqlclient15-dev_5.0.45-1+lenny1_i386.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1+lenny1_i386.deb
libmysqlclient15off_5.0.45-1+lenny1_i386.deb
to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1+lenny1_i386.deb
mysql-client-5.0_5.0.45-1+lenny1_i386.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1+lenny1_i386.deb
mysql-client_5.0.45-1+lenny1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.45-1+lenny1_all.deb
mysql-common_5.0.45-1+lenny1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.45-1+lenny1_all.deb
mysql-dfsg-5.0_5.0.45-1+lenny1.diff.gz
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1+lenny1.diff.gz
mysql-dfsg-5.0_5.0.45-1+lenny1.dsc
to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1+lenny1.dsc
mysql-server-5.0_5.0.45-1+lenny1_i386.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1+lenny1_i386.deb
mysql-server_5.0.45-1+lenny1_all.deb
to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.45-1+lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-5.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 02 Dec 2007 16:39:21 +0000
Source: mysql-dfsg-5.0
Binary: libmysqlclient15-dev mysql-client mysql-client-5.0 mysql-server
mysql-server-5.0 mysql-common libmysqlclient15off
Architecture: source all i386
Version: 5.0.45-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian MySQL Maintainers <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libmysqlclient15-dev - MySQL database development files
libmysqlclient15off - MySQL database client library
mysql-client - MySQL database client (meta package depending on the latest
versi
mysql-client-5.0 - MySQL database client binaries
mysql-common - MySQL database common files
mysql-server - MySQL database server (meta package depending on the latest
versi
mysql-server-5.0 - MySQL database server binaries
Closes: 451235
Changes:
mysql-dfsg-5.0 (5.0.45-1+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by testing-security team.
* This update addresses the following security issue:
CVE-2007-5925: The convert_search_mode_to_innobase function in
ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
remote authenticated users to cause a denial of service (database crash)
via a certain CONTAINS operation on an indexed column, which triggers an
assertion error (Closes: #451235).
Files:
6aa93c0634a525b4d2ec0230ac7c7652 1206 misc optional
mysql-dfsg-5.0_5.0.45-1+lenny1.dsc
ab450aa2e9b89f3b4e01fd12375b1bee 17801680 misc optional
mysql-dfsg-5.0_5.0.45.orig.tar.gz
afa463eb5faae1ba2d22d92391fa1313 228433 misc optional
mysql-dfsg-5.0_5.0.45-1+lenny1.diff.gz
2470ff4b0acc8cdd0e0471b54ef5fdbe 56416 misc optional
mysql-common_5.0.45-1+lenny1_all.deb
981223e07cfac44e22e14655d74911ae 49636 misc optional
mysql-server_5.0.45-1+lenny1_all.deb
4134daf970ab2645210e663f9d59156d 47442 misc optional
mysql-client_5.0.45-1+lenny1_all.deb
a2452d43197f7255daa75e5553a1e6bb 1848248 libs optional
libmysqlclient15off_5.0.45-1+lenny1_i386.deb
7e5f0a37ce7edf549a19e563b78a9e4e 7006666 libdevel optional
libmysqlclient15-dev_5.0.45-1+lenny1_i386.deb
2363824e25598b4c8e0a229f46b8cc82 7439742 misc optional
mysql-client-5.0_5.0.45-1+lenny1_i386.deb
77b9e2b4942d26e021fdbbda6a58cef0 26813132 misc optional
mysql-server-5.0_5.0.45-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHUuwAHYflSXNkfP8RAroTAJ9TTtYnqZDWKWoLtykOPmK4AnotxACgrAgR
Fq3F3in3/k3ODDAEyhf3JWU=
=pAdT
-----END PGP SIGNATURE-----
--- End Message ---
