Hi! I accidentially sent this to the wrong patch at first.
Martin ----- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> ----- Date: Wed, 28 Sep 2005 19:49:34 +0200 From: Martin Pitt <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Provisional patch for mysql authentication bypass Hi! I ported the two patches to 4.0.24: http://patches.ubuntu.com/patches/mysql-dfsg.CAN-2004-0627_0628.diff they look straightforward; however, the exploit on http://downloads.securityfocus.com/vulnerabilities/exploits/mysql-auth-bypass.pl still claims that access is granted. It also claims that with mysql 4.1.12-1 (which has the patch already applied upstream), so I begin to wonder whether it is actually the exploit that is broken, not the patch. Christian, can upstream shed some light on this? Thanks in advance and have a nice day! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates? ----- End forwarded message ----- -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
