Re: MySQL 4.0.15 has been released - Christian Hammers - com.mysql.lists.packagers

9 messages in com.mysql.lists.packagersRe: MySQL 4.0.15 has been released

From	Sent On	Attachments
Lenz Grimmer	10 Sep 2003 11:02
Michael Shigorin	11 Sep 2003 01:12
Christian Hammers	11 Sep 2003 01:37
Christian Hammers	11 Sep 2003 01:47
Lenz Grimmer	11 Sep 2003 01:49
Christian Hammers	11 Sep 2003 02:05
Lenz Grimmer	11 Sep 2003 02:06
Lenz Grimmer	11 Sep 2003 03:24
Sergei Golubchik	11 Sep 2003 10:54

Subject:	Re: MySQL 4.0.15 has been released
From:	Christian Hammers (ch...@debian.org)
Date:	09/11/2003 01:37:01 AM
List:	com.mysql.lists.packagers

Hello MySQL

Again(!) I remark that you put a notice about a potential root exploit somewhere near line 100 or so instead as a big fat "SECURITY: ..." warning on top of the changelog.

Although this time it's at least the first entry in the bugs section, I propose you to change that in future as admins and especially package maintainers should see such things at the first glance.

bye,

-christian-

On Wed, Sep 10, 2003 at 08:02:32PM +0200, Lenz Grimmer wrote: ...

Bugs fixed:

* Fixed buffer overflow in SET PASSWORD which could potentially be exploited by MySQL users with root privileges to execute random code or to gain shell access (thanks to Jedi/Sector One for spotting and reporting this one).