Hi! I ported the two patches to 4.0.24:
http://patches.ubuntu.com/patches/mysql-dfsg.CAN-2004-0627_0628.diff they look straightforward; however, the exploit on http://downloads.securityfocus.com/vulnerabilities/exploits/mysql-auth-bypass.pl still claims that access is granted. It also claims that with mysql 4.1.12-1 (which has the patch already applied upstream), so I begin to wonder whether it is actually the exploit that is broken, not the patch. Christian, can upstream shed some light on this? Thanks in advance and have a nice day! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
