[debian-mysql] Bug#698068: MySQL 5.5.30 does not fix CVE-2012-4414, what to do next?
Kristian Nielsen
knielsen at knielsen-hq.org
Sat Mar 9 22:58:13 UTC 2013
Clint Byrum <clint at ubuntu.com> writes:
>> Do you want me to do such a patch?
> Thanks so much for stepping up to help Kristian.
> MySQL 5.5.30 does not have a working fix. What it has fails the test. What we need is for the bad fix to be removed, and the Mariadb fix to
> Be applied instead. 5.5.30 or 5.5.29 would be fine.
Here is the patch, against MySQL 5.5.29.
Oracle did a partial fix in 5.5.29. I kept most of that, but fixed/added the
missing stuff from the MariaDB patch.
I also added the test case (there were a couple minor adjustments needed to
the .result file due to unrelated differences between MySQL and MariaDB).
Let me know if you need anything else regarding this.
Hope this helps,
- Kristian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debian-mdev382-fixup.patch
Type: text/x-diff
Size: 38452 bytes
Desc: Patch for CVE-2012-4414 for MySQL 5.5.29
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20130309/46ea54e7/attachment-0001.patch>
More information about the pkg-mysql-maint
mailing list