Re: Security patches for recent MySQL vulnerabilities also available for 3.23? [patch] - Christian Hammers - com.mysql.lists.packagers

1 message in com.mysql.lists.packagersRe: Security patches for recent MySQL...

From	Sent On	Attachments
Christian Hammers	18 Mar 2005 02:38

Subject:	Re: Security patches for recent MySQL vulnerabilities also available for 3.23? [patch]
From:	Christian Hammers (ch...@debian.org)
Date:	03/18/2005 02:38:33 AM
List:	com.mysql.lists.packagers

Hello

On 2005-03-14 Sergei Golubchik wrote:

Do you know if the recent vulnerabilities also affect MySQL 3.23 (as shipped with Debian "3.0 Woody") and if so can you aid us in backporting these patches?

Yes, they do.

Try the patch for 4.0 - it should apply to 3.23 [almost] without a problem.

http://mysql.bkbits.net:8080/mysql-4.0/cset@42275cb1vIySS0vWwwUFE48ltGkmNA

It did apply with minor corrections (regarding the diff context not the code itself).

If any other distribution also wants to publish a fixed 3.23 version they can take a look at my backported version at http://www.lathspell.de/linux/debian/mysql/woody/

I would be happy though, if anybody would verify them. I just checked if MySQL builds, the proof of concept exploits do no longer work and the affected function do at least still work.

bye,

-christian-