List:Announcements« Previous MessageNext Message »
From:Karen Langford Date:February 8 2011 5:04am
Subject:MySQL Server 5.0.92 has been released.
View as plain text  
Dear MySQL users,

MySQL Server 5.0.92, a new version of the popular Open Source Database
Management System, has been released.  Please note that the active
maintenance of 5.0 has ended, and these builds are only provided
because of the fixes to security bugs as described below.

The release is now available in source and binary form for a number of
platforms from our archive download page at

http://dev.mysql.com/downloads/

Mirror service for MySQL Server 5.0 has ended.  Also, support for some
platforms with very low demand has ended.  Please bear in mind that
MySQL 5.0 now receives extended support only, and that all active
development is happening on MySQL 5.1, 5.5, and beyond. You will find
the MySQL Lifecycle policy here:

http://www.mysql.de/about/legal/lifecycle/

For your own best interest, we strongly recommend all current users of
MySQL 5.0 to upgrade to MySQL 5.1.

We welcome and appreciate your feedback, bug reports, bug fixes,
patches etc:

http://forge.mysql.com/wiki/Contributing

This section documents all changes and bugfixes that have been applied
since the last MySQL Server release (5.0.91).

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html

If you would like to receive more fine-grained and personalized update
alerts about fixes that are relevant to the version and features you
use, please consider subscribing to MySQL Enterprise (a commercial
MySQL offering). For more details please see

http://www.mysql.com/products/enterprise/advisors.html


Changes in MySQL 5.0.92  (7 February, 2011)

Functionality added or changed:

    * The time zone tables available at
http://dev.mysql.com/downloads/timezones.html have been
      updated. These tables can be used on systems such as
      Windows or HP-UX that do not include zoneinfo files.
      (Bug#40230:http://bugs.mysql.com/bug.php?id=40230)

Bugs fixed:

    * Security Fix: During evaluation of arguments to
      extreme-value functions (such as LEAST() and GREATEST()),
      type errors did not propagate properly, causing the
      server to crash.
      (Bug#55826:http://bugs.mysql.com/bug.php?id=55826,
      CVE-2010-3833
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833)

    * Security Fix: The server could crash after materializing
      a derived table that required a temporary table for
      grouping.
      (Bug#55568:http://bugs.mysql.com/bug.php?id=55568,
      CVE-2010-3834
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834)

    * Security Fix: A user-variable assignment expression that
      is evaluated in a logical expression context can be
      precalculated in a temporary table for GROUP BY. However,
      when the expression value is used after creation of the
      temporary table, it was re-evaluated, not read from the
      table and a server crash resulted.
      (Bug#55564:http://bugs.mysql.com/bug.php?id=55564,
      CVE-2010-3835
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835)

    * Security Fix: Joins involving a table with a unique SET
      column could cause a server crash.
      (Bug#54575:http://bugs.mysql.com/bug.php?id=54575,
      CVE-2010-3677
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677)

    * Security Fix: Pre-evaluation of LIKE predicates during
      view preparation could cause a server crash.
      (Bug#54568:http://bugs.mysql.com/bug.php?id=54568,
      CVE-2010-3836
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836)

    * Security Fix: GROUP_CONCAT() and WITH ROLLUP together
      could cause a server crash.
      (Bug#54476:http://bugs.mysql.com/bug.php?id=54476,
       CVE-2010-3837
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837)

    * Security Fix: Queries could cause a server crash if the
      GREATEST() or LEAST() function had a mixed list of
      numeric and LONGBLOB arguments, and the result of such a
      function was processed using an intermediate temporary
      table.
      (Bug#54461:http://bugs.mysql.com/bug.php?id=54461,
      CVE-2010-3838
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838)

    * Security Fix: Using EXPLAIN with queries of the form
      SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)
      could cause a server crash.
      (Bug#52711:http://bugs.mysql.com/bug.php?id=52711,
       CVE-2010-3682
      (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682)

    * InnoDB Storage Engine: Creating or dropping a table with
      1023 transactions active caused an assertion failure.
      (Bug#49238:http://bugs.mysql.com/bug.php?id=49238)

    * The make_binary_distribution target to make could fail on
      some platforms because the lines generated were too long
      for the shell.
      (Bug#54590:http://bugs.mysql.com/bug.php?id=54590)

    * A client could supply data in chunks to a prepared
      statement parameter other than of type TEXT or BLOB using
      the mysql_stmt_send_long_data() C API function (or
      COM_STMT_SEND_LONG_DATA command). This led to a crash
      because other data types are not valid for long data.
      (Bug#54041:http://bugs.mysql.com/bug.php?id=54041)

    * Builds of the embedded mysqld would fail due to a missing
      element of the struct NET.
      (Bug#53908:http://bugs.mysql.com/bug.php?id=53908,
       Bug#53912:http://bugs.mysql.com/bug.php?id=53912)

    * The definition of the MY_INIT macro in my_sys.h included
      an extraneous semicolon, which could cause compilation
      failure.
      (Bug#53906:http://bugs.mysql.com/bug.php?id=53906)

    * If the remote server for a FEDERATED table could not be
      accessed, queries for the INFORMATION_SCHEMA.TABLES table
      failed.
      (Bug#35333:http://bugs.mysql.com/bug.php?id=35333)

    * mysqld could fail during execution when using SSL.
      (Bug#34236:http://bugs.mysql.com/bug.php?id=34236)

    * Threads that were calculating the estimated number of
      records for a range scan did not respond to the KILL
      statement. That is, if a range join type is possible
      (even if not selected by the optimizer as a join type of
      choice and thus not shown by EXPLAIN), the query in the
      statistics state (shown by the SHOW PROCESSLIST) did not
      respond to the KILL statement.
      (Bug#25421:http://bugs.mysql.com/bug.php?id=25421)


Thanks,
Sunanda Menon
Release Engineer, MySQL, Oracle.

Thread
MySQL Server 5.0.92 has been released.Karen Langford9 Feb