CVE IDs for the last security bugs - Christian Hammers - com.mysql.lists.packagers

1 message in com.mysql.lists.packagersCVE IDs for the last security bugs

From	Sent On	Attachments
Christian Hammers	17 Oct 2004 17:34

Subject:	CVE IDs for the last security bugs
From:	Christian Hammers (ch...@debian.org)
Date:	10/17/2004 05:34:38 PM
List:	com.mysql.lists.packagers

Hello

As this is of general interest to other maintainers, as well, I post it here.

bye,

-christian-

On 2004-10-14 Martin Schulze wrote:

I have now received two more CVE Ids for the other two vulnerabilities that weren't fixed in our stable release.

If you have a good channel to the upstream developers, please tell them about the CVE IDs and ask them to add a note to their bug tracking system that an id was assigned to a particular issue.

[some text removed]

Crash with MATCH..AGAINST Bug: #3870

CAN-2004-0956

Privilege Escalation in ALTER TABLE RENAME Bug: #3270

CAN-2004-0835

Potential Memory Overrun With Compromised DNS Server Class: Denial of Service (crash but not exploitable with glibc they claim) Bug: #4017

CAN-2004-0836

Privilege Escalation on GRANT ALL ON `Foo\_Bar` Bug: #3933

CAN-2004-0957

Concurrent accesses to MERGE tables can result in crash Bug: #2408

CAN-2004-0837