Package: mysql-dfsg
Severity: grave
Tags: security
Justification: user security hole

A buffer overflow in user defined functions can be exploited to possibly execute arbitrary code by users that have been granted the privilege to create user defined functions. For full details please see
http://www.appsecinc.com/resources/alerts/mysql/2005-002.html

This issue is already fixed in the 4.1 and 5.0 versions in Debian. There's no publicly available CVE assignment for this issue yet.

Application Security Inc. has released another advisory about a relatively obscure way to DoS a MySQL server. It seems as if MySQL has declined to fix it, but here's the link anyway:
http://www.appsecinc.com/resources/alerts/mysql/2005-003.html

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)