hi joey, martin, (christian may already be on vacation, so i'll try and field some responses from what i think is going on)

On Fri, Aug 19, 2005 at 05:29:33PM +0200, Martin Schulze wrote:
> do you have any details to this report?
>
> http://marc.theaimsgroup.com/?l=bugtraq&m=112354450412427&w=2
>
> I remember that we've fixed such a problem recently, so it may
> not apply to stable/oldstable anymore.

i believe it does apply to both stable and oldstable still, but is a relatively contained problem at least, as it requires the attacker already having a certain level of privilege.

On Fri, Aug 19, 2005 at 06:02:04PM +0200, Martin Pitt wrote:
> > A buffer overflow in user defined functions can be exploited to
> > possibly execute arbitrary code by user that have been granted the
> > privilege to create user defined functions. For full details please
> > see
> > http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
>
> This is CAN-2005-2558, btw. Christian, can you please add it to the
> appropriate position of the changelog?

i added a reference to the 5.0.xbeta and 4.1 svn branches for posterity. the next upload will contain a mention of it.

On Fri, Aug 19, 2005 at 06:23:08PM +0200, Martin Pitt wrote:
> D'oh, this was pretty hard to find in the bug tracking system and BK.
> After some searching, I found
>
> http://mysql.bkbits.net:8080/mysql-4.0/[EMAIL PROTECTED]
>
> for 4.0 and
>
> http://mysql.bkbits.net:8080/mysql-4.1/diffs/sql/[EMAIL PROTECTED]
>
> for 4.1. However, it is labeled as a "compile fix", and so I have some
> doubts. Could you find anything about this or did you ask upstream for
> a patch URL?

i'm not sure about the above changeset, afaict that's a windows specific directory separator related change or something. christian forwarded the bug information to mysql asking for a clarification (http://bugs.mysql.com/bug.php?id=12575) and we're waiting to hear back from them.

sean