[debian-mysql] Bug#455737: more CVEs
steffen.joeris at skolelinux.de
Tue Dec 11 19:08:12 UTC 2007

There are two more CVEs against mysql-dfsg-5.0.

MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via
unspecified use of the BINLOG statement in conjunction with the binlog
filename, which is interpreted as an absolute path by some components of the
product, and as a relative path by other components.

MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does
not update the DEFINER value of a view when the view is altered, which allows
remote authenticated users to gain privileges via a sequence of statements
including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW