Your message dated Thu, 6 Oct 2005 19:59:09 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in recent DSA.
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mysql-dfsg: Buffer overflow in user defined functions
X-Mailer: reportbug 3.15
Date: Tue, 09 Aug 2005 11:08:13 +0200

Package: mysql-dfsg
Severity: grave
Tags: security
Justification: user security hole

A buffer overflow in user defined functions can be exploited to
possibly execute arbitrary code by users that have been granted the
privilege to create user defined functions. For full details please
see
http://www.appsecinc.com/resources/alerts/mysql/2005-002.html

This issue is already fixed in the 4.1 and 5.0 versions in Debian.
There's no publicly available CVE assignment for this issue yet.

Application Security Inc. has released another advisory about a
relatively obscure way to DoS a MySQL server. It seems as if MySQL
has declined to fix it, but here's the link anyway:
http://www.appsecinc.com/resources/alerts/mysql/2005-003.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 322133-done) by bugs.debian.org; 6 Oct 2005 17:59:19 +0000
Date: Thu, 6 Oct 2005 19:59:09 +0200
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Fixed in recent DSA.
X-Mailer: Sylpheed-Claws 1.0.5 (GTK+ 1.2.10; x86_64-pc-linux-gnu)

This bug has been fixed in DSA 833-2.

bye,

-christian-

