hi,

On Mon, Sep 26, 2005 at 03:05:51PM +0200, Martin Pitt wrote:
> MySQL 4.1 and 5.0 are prone to an authentication bypass:
>
> http://www.nextgenss.com/advisories/mysql-authbypass.txt

um, did you check the date on that advisory?

Name: MySQL Authentication Bypass / buffer overflow
Systems Affected: MySQL 4.1 prior to 4.1.3, and MySQL 5.0.
Severity: High
Vendor URL: http://www.mysql.com
Author: Chris Anley [ [EMAIL PROTECTED] ]
Date of Advisory: 1st July 2004

i actually missed that in my first read-through, and when i saw they said
"4.1.3 and earlier", i assumed it was a mistake. however, the mysql
[EMAIL PROTECTED]'ing bitkeeper entries i found that i believe fix this are
also dated around then.

in any case...

- woody isn't affected, as it doesn't carry 4.x at all
- sarge/4.1 isn't affected afaict, as it ships 4.1.11a.
- as you stated in your next mail, it doesn't seem that sarge/4.0
  is affected.
- sarge doesn't carry a 5.0 version
- thus all sid versions should be okay too.

> P.S. Did I mention that I hate the mysql BK? I failed again to locate
> the patch in mysql.bkbits.com...

i think the relevant patch is here:

http://mysql.bkbits.net:8080/mysql-4.1/[EMAIL PROTECTED]

and maybe

http://mysql.bkbits.net:8080/mysql-4.1/[EMAIL PROTECTED]

or maybe i'm missing something?

sean

--