On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -------------------------------------------------------------------------- > Debian Security Advisory DSA 829-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > September 30, 2005 http://www.debian.org/security/faq > - -------------------------------------------------------------------------- > > Package : mysql > Vulnerability : buffer overflow > Problem type : remote > Debian-specific: no > CVE ID : CAN-2005-2558 > BugTraq ID : 14509 > > A stack-based buffer overflow in the init_syms function of MySQL, a > popular database, has been discovered that allows remote authenticated > users who can create user-defined functions to execute arbitrary code > via a long function_name field. The ability to create user-defined > functions is not typically granted to untrusted users. > > The following vulnerability matrix shows which version of MySQL in > which distribution has this problem fixed: > > woody sarge sid > mysql 3.23.49-8.14 n/a n/a > mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1 > mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2 > mysql-dfsg-5.0 n/a n/a 5.0.11beta-3
That's not one of our package, I've checked. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
