Thursday, December 6. 2007
MySQL 5.0.51 released
That is the good news. The bad news is, it is still affected by CVE-2007-5925, which allows remote authenticated users to cause a denial of service (database crash). Jörg Brühe wrote on the packagers mailinglist that is because the sources for 5.0.51 were cloned before the fix got in. I do not know exactly how their release model works, but looks like it needs to be improved, especially because 5.0.52 is not affected.
To make it even worse, bug #32125 which has a patch for the problem, was set to private a few days ago. Because we already have the patch in our MySQL packages since exactly three weeks, it is available in our subversion repository.
To make it even worse, bug #32125 which has a patch for the problem, was set to private a few days ago. Because we already have the patch in our MySQL packages since exactly three weeks, it is available in our subversion repository.
Comments
Display comments as
(Linear | Threaded)
So how to download patch in plain form? That websvn interface used there is CRAP.
svn export svn://svn.debian.org/svn/pkg-mysql/branches/sid-5.0/debian/patches/91_SECURITY_CVE-2007-5925.dpatch
Quicksearch
Calendar
|
September '10 | |||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
Categories
Syndication
Personal
Blogroll
Your story has been submitted to fsdaily.com! Come and promote your article by voting for it here on FSDaily! Let your readers know they can vote for your story too.
Tracked: Dec 06, 23:45
Last week I wrote about CVE-2007-5925, a vulnerability in MySQL 5.0.51 (current version of the MySQL Community Edition), which is fixed in 5.0.52 (current version of the MySQL Enterprise Edition, released on the same day as 5.0.51) and was known for more
Tracked: Dec 11, 18:01