On Wed, 14 Apr 2004, Martin Schulze wrote: > CAN-2004-0381 > > The script mysqlbug in MySQL allows local users to overwrite > arbitrary files via a symlink attack. > > CAN-2004-0388 > > The script mysqld_multi in MySQL allows local users to overwrite > arbitrary files via a symlink attack. [...] > For the unstable distribution (sid) these problems will be fixed in > version 4.0.18-6 of mysql-dfsg.
* mysql unstable (4.0.18-4) changelog says: > Aplied fix for unprobable tempfile-symlink security problem in > mysqlbug reported by Shaun Colley on bugtraq on 2004-03-24. but doesn't mention the CAN numbers. * mysql in unstable is currently at 4.0.18-5 * mysql's bugreports page doesn't show any open reports mentioning any unfixed. So what's the situation now with mysql in unstable?: - Is the bug mentioned in the advisory fixed in 4.0.18-5 and so the advisory wrong (should say "will be fixed in version 4.0.18-6 of mysql-dfsg") ... - or isn't it fixed at which moment I should open a bugreport against mysql? *t -- -------------------------------------------------------- Tomas Pospisek http://sourcepole.com - Linux & Open Source Solutions -------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
