Hello Sean

On 2005-03-11 sean finney wrote:
> i believe the attached patch fixes the vulnerability. i took the redhat
> src rpm patch "mysql-3.23.58-security.patch", removed the parts of the
> patch that are already addressed by other DSA's, adjusted some line
> numbers, and did a little extra massaging to get it to fit.

Great work! Thanks!

> the patch cleanly applies, the package builds and installs, mysql starts
> up, and i can connect to the database all without problems. however,
> this is all in my virgin woody-i386 chroot on an unstable amd64 box, and
> i haven't tested that the vulnerability is actually gone. could someone
> more familiar with the vulnerability try a before and after to see if
> the problem is resolved?

Wasn't it the one where a privilege granted to "table_name" also grants
rights on "tableXname", "tableYname" as '_' was considered as something
like a dot in a RegEx? This should be fairly easy to test.

bye,

-christian-
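An added example, not part of Christian's message or of the patch under discussion: a small Python model of the matching behaviour he describes, assuming '_' in a granted name matches any single character. The '%' wildcard and the backslash escape are further assumptions, and the names, grants and helper functions are constructed for illustration; the check flags grant patterns that also cover other existing names.

```python
import re


def grant_pattern_to_regex(pattern):
    """Model of the assumed matching: '_' = any one character,
    '%' = any run of characters, backslash = next character is literal."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped: literal
            i += 2
            continue
        if ch == "_":
            out.append(".")
        elif ch == "%":
            out.append(".*")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def overbroad_grants(grants, existing_names):
    """Return {pattern: [names]} for every grant pattern that matches
    existing names other than the one it literally spells out."""
    findings = {}
    for pattern in grants:
        literal = re.sub(r"\\(.)", r"\1", pattern)  # name the admin meant
        rx = grant_pattern_to_regex(pattern)
        extra = [n for n in existing_names
                 if n != literal and rx.fullmatch(n)]
        if extra:
            findings[pattern] = extra
    return findings


# Constructed sample data: object names present on a server, and two
# grants, one with a bare underscore and one with it escaped.
NAMES = ["table_name", "tableXname", "tableYname", "tablename", "other"]
GRANTS = ["table_name", r"table\_name"]

if __name__ == "__main__":
    for pattern, extra in overbroad_grants(GRANTS, NAMES).items():
        print(f"{pattern!r} also covers: {', '.join(extra)}")
```

Running the same check before and after a fix, with the server's real name list in place of the constructed one, gives the "before and after" comparison asked for in the quoted message.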