Hi Christian! Moritz Muehlenhoff [2005-08-09 11:08 +0200]: > A buffer overflow in user defined functions can be exploited to > possibly execute arbitrary code by user that have been granted the > privilege to create user defined functions. For full details please > see > http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
D'oh, this was pretty hard to find in the bug tracking system and BK. After some searching, I found http://mysql.bkbits.net:8080/mysql-4.0/[EMAIL PROTECTED] for 4.0 and http://mysql.bkbits.net:8080/mysql-4.1/diffs/sql/[EMAIL PROTECTED] for 4.1. However, it is labeled as a "compile fix", and so I have some doubts. Could you find anything about this or did you ask upstream for a patch URL? Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
