[debian-mysql] Fw: Bug#451235: CVE-2007-5925 Denial of Service vulnerability in innodb via crafted query
Norbert Tretkowski
norbert at tretkowski.de
Wed Nov 14 16:09:10 UTC 2007
Am Mittwoch, den 14.11.2007, 16:55 +0100 schrieb Moritz Muehlenhoff:
> Can this realistically be triggered through a webapp?
Yes.
> Does it crash the entire database server or a single delivery process?
It crashes the entire database server, but it's immediately restarted by
mysqld_safe.
> If it's more or less harmless it could be postponed to a later MySQL
> DSA instead.
I wouldn't call it harmless, but if we have a chance to do another
upload *soon* I'm fine with postponing it for now, because we don't have
a patch for 5.0 yet.
Norbert
More information about the pkg-mysql-maint
mailing list