[debian-mysql] Fw: Bug#451235: CVE-2007-5925 Denial of Service vulnerability in innodb via crafted query
Christian Hammers
ch at debian.org
Wed Nov 14 13:55:32 UTC 2007
Hello Security-Team
I've send you the diffs for a MySQL security upload last week. Please hold it
back a few more days so that we can check the below vulnerability and give
you an updated version.
@Norbert: Do you have time for this?
bye,
-christian-
Begin forwarded message:
Date: Wed, 14 Nov 2007 12:16:42 +0100
From: Nico Golde <nion at debian.org>
To: submit at bugs.debian.org
Subject: [debian-mysql] Bug#451235: CVE-2007-5925 Denial of Service vulnerability in innodb via crafted query
Package: mysql-dfsg-5.0
Version: 5.0.32-7etch1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.
CVE-2007-5925[0]:
| The convert_search_mode_to_innobase function in ha_innodb.cc in the
| InnoDB engine in MySQL 5.1.23-BK and earlier allows remote
| authenticated users to cause a denial of service (database crash) via
| a certain CONTAINS operation on an indexed column, which triggers an
| assertion error.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
_______________________________________________
pkg-mysql-maint mailing list
pkg-mysql-maint at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-mysql-maint
More information about the pkg-mysql-maint
mailing list