9 messages in com.mysql.lists.packagersRe: MySQL 4.0.15 has been released| From | Sent On | Attachments |
|---|---|---|
| Lenz Grimmer | 10 Sep 2003 11:02 | |
| Michael Shigorin | 11 Sep 2003 01:12 | |
| Christian Hammers | 11 Sep 2003 01:37 | |
| Christian Hammers | 11 Sep 2003 01:47 | |
| Lenz Grimmer | 11 Sep 2003 01:49 | |
| Christian Hammers | 11 Sep 2003 02:05 | |
| Lenz Grimmer | 11 Sep 2003 02:06 | |
| Lenz Grimmer | 11 Sep 2003 03:24 | |
| Sergei Golubchik | 11 Sep 2003 10:54 |
| Subject: | Re: MySQL 4.0.15 has been released |
|---|---|
| From: | Lenz Grimmer (le...@mysql.com) |
| Date: | 09/11/2003 01:49:53 AM |
| List: | com.mysql.lists.packagers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Christian,
On Thu, 11 Sep 2003, Christian Hammers wrote:
Again(!) I remark that you put a notice about a potential root exploit somewhere near line 100 or so instead as a big fat "SECURITY: ..." warning on top of the changelog.
Why do you think it's a root exploit? You need to already have root privileges on the database to be able to trigger this crash. We fixed multiple other bugs that could cause mysqld to crash without requiring mysql root privileges.
Although this time it's at least the first entry in the bugs section, I propose you to change that in future as admins and especially package maintainers should see such things at the first glance.
Yes, fully agreed. If this would have been a really critical bug (e.g. remotely exploitable), we would have done that. Probably the wording of this specific entry is misleading. Sorry if this is the case.
Bye, LenZ - -- Lenz Grimmer <le...@mysql.com> Senior Production Engineer MySQL GmbH, http://www.mysql.de/ Hamburg, Germany
For technical support contracts, visit https://order.mysql.com/?ref=mlgr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE/YDdISVDhKrJykfIRAu7kAJwKtO19Axixs3ni81nNHEto/3YdugCfTe1A /cMMnHFtVE7W9v2XyDTG86Q= =fFtZ -----END PGP SIGNATURE-----