Hi, Christian!

On Jul 21, Christian Hammers wrote:
> Hello MySQL
>
> Debian was notified about
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
> and we would like to backport the fix to our already released 5.0.51
> package.
>
> Can you confirm that the below snippet is a proper fix?
> It comments out the two commands COM_CREATE_DB and COM_DROP_DB like
> I saw it in the 5.1 branch.

Yes, your fix should be fine.
If you want to have these commands working, you can apply a standard fix
for these kinds of problems, like

    - mysql_log.write(thd,command,packet);
    + mysql_log.write(thd,command,"%s",packet);

> Sadly the sql_parse.cc file is too big to be viewed using bazaar (gives
> timeouts) and I cannot find the original commit or a bug in
> bugs.mysql.com which would give me some hints if other changes were
> necessary.

This is our fix for 5.0: http://lists.mysql.com/commits/77649
You probably won't be able to see the bug itself; it's private until the
released version is out. But according to comments the fix was pushed
to 5.0.84.

Regards / Mit vielen Grüßen,
Sergei

--
Sergei Golubchik <s...@sun.com>
Principal Software Engineer/Server Architect
Sun Microsystems GmbH, HRB München 161028
Sonnenallee 1, 85551 Kirchheim-Heimstetten
Managing Directors: Thomas Schroeder, Wolfgang Engels, Wolf Frenkel
Chairman of the Supervisory Board: Martin Häring
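
Review bot: the `+` line shows the `"%s"` argument at a single `mysql_log.write` call, but the quoted message names two affected commands, COM_CREATE_DB and COM_DROP_DB, so if the commands are kept enabled instead of commented out, the same change is needed at the logging call in each handler. It is also worth searching the rest of sql_parse.cc for any other `mysql_log.write(thd,command,...)` call that passes a client-supplied buffer in the format position and giving it the same `"%s"` treatment.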