On Sun, 9 Jul 2006, Moritz Muehlenhoff wrote: > > On 2006-07-04 Christian Hammers wrote: > > > It's time for a new MySQL DSA :) On > > > http://www.lathspell.de/linux/debian/mysql/sarge-4.1 > > > you find *sarge5.deb pacakges that fix the following two vulnerabilities: > > > > > > * Fixed DoS bug where any user could crash the server with > > > "SELECT str_to_date(1, NULL);" (CVE-2006-3081). > > > The vulnerability was discovered by Kanatoko <[EMAIL PROTECTED]>. > > > Closes: #373913 > > > * Fixed DoS bug where any user could crash the server with > > > "SELECT date_format('%d%s', 1); (CVE-2006-XXXX). > > > The vulnerability was discovered by Maillefer Jean-David > > > <[EMAIL PROTECTED]> and filed as MySQL bug #20729. > > > Closes: #375694
Use CVE-2006-3469 Is this "public enough" for me to update the CVE descriptions, or should I leave them as reserved for now? CVE will probably be the first point of widespread disclosure. - Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]