[Security-team] Fwd: Patches for CVE-2006-0903 and CVE-2006-1516..8

Michael Shigorin mike at osdn.org.ua
Mon May 15 19:17:32 MSD 2006


FYI

> ----- Forwarded message from Christian Hammers <ch/debian.org> -----
> 
> Date: Tue, 9 May 2006 14:47:40 +0200
> From: Christian Hammers <ch/debian.org>
> To: packagers/lists.mysql.com
> Subject: Patches for CVE-2006-0903 and CVE-2006-1516..8
> Cc: security/mysql.com

Hello

We backported patches for the recent security problems to MySQL 3.23.49,
4.0.24 and 4.1.11 and put them (inside the .diff.gz) on
 http://www.lathspell.de/linux/debian/mysql/
in case it helps other distributions who prepare security updates for their
older releases, too. One upstream patch for a more recent 4.0 version
can be found here: http://lists.mysql.com/commits/5500


Apropos...
To MySQL: it would be really beneficial for us distribution packagers
if in the case of security problems, you would make an announcement
on this list with URLs to small patches for at least every major version.
This saves us a lot of time comparing versions, begging for bitkeeper
commit urls and trying to find nonexisting bug tracking system entries...

bye,

-christian-

P.S.: 4.0 was fixed by mysql for CVE-2006-1517 but it seemed to us as if at least
      4.0.24 was not vulnerable as the PoC exploit did not work. This was confirmed by 
      Stefano DiPaolo, the original bugtraq reporter. We left the patch applied nevertheless.

-- 
MySQL Packagers Mailing List
For list archives: http://lists.mysql.com/packagers

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/


