[debian-mysql] Bug#687485: CVE-2012-4414

Nicholas Bamber nicholas at periapt.co.uk
Thu Sep 27 09:46:36 UTC 2012


Moritz,
	I have prepared a quilt patch based upon the MariaDB supplied patch. I
have yet to see if it compiles which I will do today, but I have to
investigate what the prospects are of it actually being accepted into
Debian. I also attach the notes I made whilst preparing the patch.

	The only short-term alternative I can see is to wait for Oracle to come
out with a release that fixes the issue. That would make it quite
possible that Debian would have to release with this unresolved.

	I know that this will prompt yet again questions as to why we don't
switch to one of the clones. To which I have to reiterate that we plan,
during jessie, to offer the MariaDB and Percona cores. This would put
the choice in the hands of the user.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binlog_sqlinjection.patch
Type: text/x-diff
Size: 111564 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120927/7721bded/attachment-0001.patch>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: applied.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120927/7721bded/attachment-0001.txt>

