[debian-mysql] Bug#737596: mysql-5.5: CVE-2014-0001: command-line tool buffer overflow via long server version string

James Page james.page at ubuntu.com
Fri Mar 14 14:50:24 UTC 2014



On 14/03/14 07:45, Salvatore Bonaccorso wrote:
>> If you fix the vulnerability please also make sure to include the
>> CVE (Common Vulnerabilities & Exposures) id in your changelog
>> entry.
>>
>> For further information see:
>>
>> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
>>     http://security-tracker.debian.org/tracker/CVE-2014-0001
>> [1] http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
>> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1054592
>>
>> Please adjust the affected versions in the BTS as needed.
> The same seems to apply to mysql-5.6 at first glance. Cloning the
> original bugreport to make a copy for the mysql-5.6 source
> package.

Thanks Salvatore

I'll check to see if this is fixed in the point release I have in
pipeline for upload.

Cheers

James

-- 
James Page
Ubuntu and Debian Developer
james.page at ubuntu.com
jamespage at debian.org


