Author: paul
Date: 2007-10-11 23:07:50 +0200 (Thu, 11 Oct 2007)
New Revision: 8065
Log:
r30950@arctic: paul | 2007-10-11 16:04:47 -0500
Updates from mysqldoc.
Modified:
trunk/dynamic-docs/changelog/mysqld.xml
trunk/pt/refman-5.1/news-5.1.xml
trunk/tools/bug-prep.pl
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:30948
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:25449
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:20005
+ 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:30950
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:25449
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:20005
Modified: trunk/dynamic-docs/changelog/mysqld.xml
===================================================================
--- trunk/dynamic-docs/changelog/mysqld.xml 2007-10-11 19:56:07 UTC (rev 8064)
+++ trunk/dynamic-docs/changelog/mysqld.xml 2007-10-11 21:07:50 UTC (rev 8065)
Changed blocks: 34, Lines Added: 38, Lines Deleted: 38; 13298 bytes
@@ -2551,7 +2551,7 @@
filesystems, it was possible for a user granted rights on a
database to create or access a database whose name differed only
from that of the first by the case of one or more letters.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4226">CVE-2006-4226</ulink>,
+ (CVE-2006-4226,
Bug #17647)
</para>
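Review bot: The added line "(CVE-2006-4226," drops the link to the CVE record, and nothing visible in this commit puts it back: the log message says only "Updates from mysqldoc." and the trunk/tools/bug-prep.pl change touches just the shebang and "use warnings;". If CVE ids are now meant to be linked at the prep stage, the way the bug-prep.pl header says it does for (Bug #nnnn), say so in the log message and name the script that does it; otherwise every CVE reference changed in this commit loses its link in the rendered output.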
@@ -10089,7 +10089,7 @@
a different user using <literal>GRANT EXECUTE</literal> could be
executed by that user with the privileges of the routine's
definer.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227">CVE-2006-4227</ulink>,
+ (CVE-2006-4227,
Bug #18630)
</para>
@@ -18463,7 +18463,7 @@
<para>
The requirement of the <literal>DROP</literal> privilege for
<literal>RENAME TABLE</literal> was not being enforced.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691">CVE-2007-2691</ulink>,
+ (CVE-2007-2691,
Bug #27515)
</para>
@@ -20159,7 +20159,7 @@
Using an <literal>INFORMATION_SCHEMA</literal> table with
<literal>ORDER BY</literal> in a subquery could cause a server
crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420">CVE-2007-1420</ulink>,
+ (CVE-2007-1420,
Bug #24630, Bug #26556) We would like to thank Oren Isacson from
Flowgate Security Consulting as well as well as Stefan
Streichsbier from SEC Consult for informing us about this
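Review bot: The context line "Flowgate Security Consulting as well as well as Stefan" repeats "as well as"; since this paragraph is being touched anyway, drop the duplicate. The same wording appears in the trunk/pt/refman-5.1/news-5.1.xml hunk at @@ -8112,7.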
@@ -20219,7 +20219,7 @@
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
informing us about this issue.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0711">CVE-2005-0711</ulink>)
+ (CVE-2005-0711)
</para>
</message>
@@ -24663,7 +24663,7 @@
<para>
Use of a view could allow a user to gain update privileges for
tables in other databases.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782">CVE-2007-3782</ulink>,
+ (CVE-2007-3782,
Bug #27878)
</para>
@@ -31101,7 +31101,7 @@
Fixed a bug that under certain circumstances could allow a
privilege escalation via database wildcards in
<literal>GRANT</literal>.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0957">CVE-2004-0957</ulink>)
+ (CVE-2004-0957)
</para>
</message>
@@ -31328,7 +31328,7 @@
<literal>mysql_real_connect()</literal> (which required a
compromised DNS server and certain operating systems). (Bug
#4017,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0836">CVE-2004-0836</ulink>)
+ CVE-2004-0836)
</para>
</message>
@@ -37721,7 +37721,7 @@
A malformed password packet in the connection protocol could
cause the server to crash. Thanks for Dormando for reporting
this bug and providing details and a proof of concept.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780">CVE-2007-3780</ulink>,
+ (CVE-2007-3780,
Bug #28984)
</para>
@@ -44018,7 +44018,7 @@
<para>
Fixed a symlink vulnerability in the
<filename>mysqlbug</filename> script. (Bug #3284,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0381">CVE-2004-0381</ulink>)
+ CVE-2004-0381)
</para>
</message>
@@ -44446,7 +44446,7 @@
<para>
Fixed bug in privilege checking of <literal>ALTER TABLE
RENAME</literal>. (Bug #3270,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0835">CVE-2004-0835</ulink>)
+ CVE-2004-0835)
</para>
</message>
@@ -56920,7 +56920,7 @@
Fixed a bug that under certain circumstances could allow a
privilege escalation via database wildcards in
<literal>GRANT</literal>. (Bug #3924,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0957">CVE-2004-0957</ulink>)
+ CVE-2004-0957)
</para>
</message>
@@ -57342,11 +57342,11 @@
Security improvement: Applied a patch that addresses a
<literal>zlib</literal> data vulnerability that could result in
a buffer overflow and code execution.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096">CVE-2005-2096</ulink>)
+ (CVE-2005-2096)
. Shortly after MySQL 4.1.13 was released, a second potential
zlib security flaw was discovered and fixed - the issue is
tracked by the Mitre CVE ID
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849">CVE-2005-1849</ulink>).
+ (CVE-2005-1849).
A patch for this flaw was applied on top of the 4.1.13 sources
and published as 4.1.13a. The affected binaries have been
rebuilt.
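Review bot: The added "(CVE-2005-2096)" is still followed by a context line that starts with ". Shortly after", so the rendered sentence reads "(CVE-2005-2096) . Shortly after" with a space before the period; move the period up against the closing parenthesis. The second added line also keeps the id in parentheses in "tracked by the Mitre CVE ID (CVE-2005-1849).", where the id is the object of the sentence; plain "CVE-2005-1849." would read better now that it is no longer a link.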
@@ -57456,7 +57456,7 @@
Security improvement: Applied a patch to fix a UDF
library-loading vulnerability that could result in a buffer
overflow and code execution.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558">CVE-2005-2558</ulink>)
+ (CVE-2005-2558)
</para>
</message>
@@ -59390,7 +59390,7 @@
<para>
Evaluation of an <literal>IN()</literal> predicate containing a
decimal-valued argument caused a server crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583">CVE-2007-2583</ulink>)
+ (CVE-2007-2583)
</para>
</message>
@@ -68386,7 +68386,7 @@
<literal>CREATE TABLE LIKE</literal> did not require any
privileges on the source table. Now it requires the
<literal>SELECT</literal> privilege.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781">CVE-2007-3781</ulink>,
+ (CVE-2007-3781,
Bug #25578)
</para>
@@ -71972,7 +71972,7 @@
<para>
New more secure client authentication based on 45-byte passwords
in the <literal>user</literal> table.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0981">CVE-2000-0981</ulink>)
+ (CVE-2000-0981)
</para>
</message>
@@ -73046,7 +73046,7 @@
<para>
Invalid arguments to <literal>DATE_FORMAT()</literal> caused a
server crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469">CVE-2006-3469</ulink>,
+ (CVE-2006-3469,
Bug #20729) Thanks to Jean-David Maillefer for discovering and
reporting this problem to the Debian project and to Christian
Hammers from the Debian Team for notifying us of it.
@@ -76359,7 +76359,7 @@
you can start the server with the new
<option>--skip-merge</option> option to disable the
<literal>MERGE</literal> storage engine.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031">CVE-2006-4031</ulink>,
+ (CVE-2006-4031,
Bug #15195)
</para>
@@ -81235,7 +81235,7 @@
A malicious client, using specially crafted invalid
<literal>COM_TABLE_DUMP</literal> packets was able to trigger an
exploitable buffer overflow on the server.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518">CVE-2006-1518</ulink>)
+ (CVE-2006-1518)
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
@@ -84260,7 +84260,7 @@
<para>
<literal>STR_TO_DATE(1,NULL)</literal> caused a server crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081">CVE-2006-3081</ulink>,
+ (CVE-2006-3081,
Bug #15828)
</para>
@@ -87828,7 +87828,7 @@
A user with only the <literal>ALTER</literal> privilege on a
partitioned table could obtain information about the table that
should require the <literal>SELECT</literal> privilege.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2693">CVE-2007-2693</ulink>,
+ (CVE-2007-2693,
Bug #23675)
</para>
@@ -92429,7 +92429,7 @@
encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the
<literal>mysql_real_escape_string()</literal> C API function.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753">CVE-2006-2753</ulink>,
+ (CVE-2006-2753,
Bug #8378)
</para>
@@ -92599,7 +92599,7 @@
<literal>USE COM1;</literal>, or <literal>USE AUX;</literal>
would report success even though the database was not in fact
changed. (Bug #9148,
- <ulink url="http://cve.mitre.org/cvename.cgi?name=CVE-2005-0799">CVE-2005-0799</ulink>
+ CVE-2005-0799
</para>
<remark>
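Review bot: The parenthesis opened at "(Bug #9148," is never closed: the added line "CVE-2005-0799" ends without ")" and the next line is "</para>". The removed line had the same gap, so this is the place to fix it; make the added line "CVE-2005-0799)".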
@@ -94886,7 +94886,7 @@
If a stored routine was declared using <literal>SQL SECURITY
INVOKER</literal>, a user who invoked the routine could gain
privileges.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692">CVE-2007-2692</ulink>,
+ (CVE-2007-2692,
Bug #27337)
</para>
@@ -96314,7 +96314,7 @@
Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
slaves.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-4380">CVE-2004-4380</ulink>,
+ (CVE-2004-4380,
Bug #10442)
</para>
@@ -96539,7 +96539,7 @@
<filename>mysql_install_db.X</filename> file with a predictable
filename and insecure permissions, which allowed local users to
execute arbitrary SQL commands by modifying the file's contents.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636">CVE-2005-1636</ulink>)
+ (CVE-2005-1636)
</para>
</message>
@@ -97935,8 +97935,8 @@
<literal>COM_TABLE_DUMP</literal> packets was able to read
uninitialized memory, which potentially, though unlikely in
MySQL, could have led to an information disclosure.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516">CVE-2006-1516</ulink>,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517">CVE-2006-1517</ulink>)
+ (CVE-2006-1516,
+ CVE-2006-1517)
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
@@ -98588,7 +98588,7 @@
<literal>MERGE</literal> table and <literal>MyISAM</literal>
tables), that could have resulted in a crash or hang of the
server. (Bug #2408,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0837">CVE-2004-0837</ulink>)
+ CVE-2004-0837)
</para>
</message>
@@ -99596,8 +99596,8 @@
<xref linkend="udf-security"/>. Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
informing us about this issue.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0709">CVE-2005-0709</ulink>,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0710">CVE-2005-0710</ulink>)
+ (CVE-2005-0709,
+ CVE-2005-0710)
</para>
</message>
@@ -102597,7 +102597,7 @@
Fernandez-Sanguino Pena and
<ulink url="http://www.debian.org/security/audit">Debian
Security Audit Team</ulink>.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0004">CVE-2005-0004</ulink>)
+ (CVE-2005-0004)
</para>
</message>
@@ -104211,7 +104211,7 @@
A <literal>NUL</literal> byte within a comment in a statement
string caused the rest of the string not to be written to the
query log, allowing logging to be bypassed.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903">CVE-2006-0903</ulink>)
+ (CVE-2006-0903)
</para>
</message>
@@ -104739,8 +104739,8 @@
Fixed a bug in authentication code that allowed a malicious user
to bypass password verification with specially crafted packets,
using a modified client library.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0627">CVE-2004-0627</ulink>,
- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0628">CVE-2004-0628</ulink>)
+ (CVE-2004-0627,
+ CVE-2004-0628)
</para>
</message>
@@ -108686,7 +108686,7 @@
<filename>my.cnf</filename> or compiled in), not in
<filename>/tmp</filename>. Thanks to Christian Hammers from
Debian Security Team for reporting this.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0388">CVE-2004-0388</ulink>)
+ (CVE-2004-0388)
</para>
</message>
Modified: trunk/pt/refman-5.1/news-5.1.xml
===================================================================
--- trunk/pt/refman-5.1/news-5.1.xml 2007-10-11 19:56:07 UTC (rev 8064)
+++ trunk/pt/refman-5.1/news-5.1.xml 2007-10-11 21:07:50 UTC (rev 8065)
Changed blocks: 17, Lines Added: 18, Lines Deleted: 32; 7488 bytes
@@ -1416,7 +1416,7 @@
password packet in the connection protocol could cause the
server to crash. Thanks for Dormando for reporting this bug
and providing details and a proof of concept.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780">CVE-2007-3780</ulink>,
+ (CVE-2007-3780,
Bug #28984)
</para>
</listitem>
@@ -1427,7 +1427,7 @@
TABLE LIKE</literal> did not require any privileges on the
source table. Now it requires the <literal>SELECT</literal>
privilege.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781">CVE-2007-3781</ulink>,
+ (CVE-2007-3781,
Bug #25578)
</para>
@@ -2821,7 +2821,7 @@
<emphasis role="bold">Security fix</emphasis>: Use of a view
could allow a user to gain update privileges for tables in
other databases.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782">CVE-2007-3782</ulink>,
+ (CVE-2007-3782,
Bug #27878)
</para>
</listitem>
@@ -4432,7 +4432,7 @@
routine was declared using <literal>SQL SECURITY
INVOKER</literal>, a user who invoked the routine could gain
privileges.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692">CVE-2007-2692</ulink>,
+ (CVE-2007-2692,
Bug #27337)
</para>
</listitem>
@@ -4442,7 +4442,7 @@
<emphasis role="bold">Security fix</emphasis>: The requirement
of the <literal>DROP</literal> privilege for <literal>RENAME
TABLE</literal> was not being enforced.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691">CVE-2007-2691</ulink>,
+ (CVE-2007-2691,
Bug #27515)
</para>
</listitem>
@@ -4453,7 +4453,7 @@
only the <literal>ALTER</literal> privilege on a partitioned
table could obtain information about the table that should
require the <literal>SELECT</literal> privilege.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2693">CVE-2007-2693</ulink>,
+ (CVE-2007-2693,
Bug #23675)
</para>
</listitem>
@@ -6110,7 +6110,7 @@
<para>
Evaluation of an <literal>IN()</literal> predicate containing
a decimal-valued argument caused a server crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583">CVE-2007-2583</ulink>)
+ (CVE-2007-2583)
(Bug #27362, Bug #27513)
</para>
</listitem>
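Review bot: The added "(CVE-2007-2583)" is immediately followed by a second parenthetical, "(Bug #27362, Bug #27513)", while other entries in this commit use a single group such as "(CVE-2007-3780, Bug #28984)". Merge them into "(CVE-2007-2583, Bug #27362, Bug #27513)" for consistency. The matching entry in trunk/dynamic-docs/changelog/mysqld.xml (@@ -59390,7) carries no bug numbers at all, so the two files disagree on this item.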
@@ -8112,7 +8112,7 @@
<literal>INFORMATION_SCHEMA</literal> table with
<literal>ORDER BY</literal> in a subquery could cause a server
crash.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420">CVE-2007-1420</ulink>,
+ (CVE-2007-1420,
Bug #24630, Bug #26556) We would like to thank Oren Isacson
from Flowgate Security Consulting as well as well as Stefan
Streichsbier from SEC Consult for informing us about this
@@ -15562,9 +15562,7 @@
was possible for a user granted rights on a database to create
or access a database whose name differed only from that of the
first by the case of one or more letters.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4226"
- >CVE-2006-4226</ulink>,
+ (CVE-2006-4226,
Bug #17647)
</para>
</listitem>
@@ -15583,7 +15581,7 @@
you can start the server with the new
<option>--skip-merge</option> option to disable the
<literal>MERGE</literal> storage engine.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031">CVE-2006-4031</ulink>,
+ (CVE-2006-4031,
Bug #15195)
</para>
</listitem>
@@ -15595,9 +15593,7 @@
different user using <literal>GRANT EXECUTE</literal> could be
executed by that user with the privileges of the routine's
definer.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227"
- >CVE-2006-4227</ulink>,
+ (CVE-2006-4227,
Bug #18630)
</para>
</listitem>
@@ -20147,7 +20143,7 @@
encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the
<literal>mysql_real_escape_string()</literal> C API function.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753">CVE-2006-2753</ulink>,
+ (CVE-2006-2753,
Bug #8378)
</para>
@@ -20850,12 +20846,8 @@
<literal>COM_TABLE_DUMP</literal> packets was able to read
uninitialized memory, which potentially, though unlikely in
MySQL, could have led to an information disclosure.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516"
- >CVE-2006-1516</ulink>,
- <ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517"
- >CVE-2006-1517</ulink>)
+ (CVE-2006-1516,
+ CVE-2006-1517)
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
@@ -20868,9 +20860,7 @@
client, using specially crafted invalid
<literal>COM_TABLE_DUMP</literal> packets was able to trigger
an exploitable buffer overflow on the server.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518"
- >CVE-2006-1518</ulink>)
+ (CVE-2006-1518)
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
@@ -20967,7 +20957,7 @@
A <literal>NUL</literal> byte within a comment in a statement
string caused the rest of the string not to be written to the
query log, allowing logging to be bypassed.
- (<ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903">CVE-2006-0903</ulink>)
+ (CVE-2006-0903)
(Bug #17667)
</para>
</listitem>
@@ -22044,9 +22034,7 @@
<emphasis role="bold">Security fix</emphasis>: Invalid
arguments to <literal>DATE_FORMAT()</literal> caused a server
crash.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469"
- >CVE-2006-3469</ulink>,
+ (CVE-2006-3469,
Bug #20729) Thanks to Jean-David Maillefer for discovering and
reporting this problem to the Debian project and to Christian
Hammers from the Debian Team for notifying us of it.
@@ -24861,9 +24849,7 @@
<listitem>
<para>
<literal>STR_TO_DATE(1,NULL)</literal> caused a server crash.
- (<ulink
- url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081"
- >CVE-2006-3081</ulink>,
+ (CVE-2006-3081,
Bug #15828)
</para>
</listitem>
Modified: trunk/tools/bug-prep.pl
===================================================================
--- trunk/tools/bug-prep.pl 2007-10-11 19:56:07 UTC (rev 8064)
+++ trunk/tools/bug-prep.pl 2007-10-11 21:07:50 UTC (rev 8065)
Changed blocks: 2, Lines Added: 2, Lines Deleted: 1; 562 bytes
@@ -1,4 +1,4 @@
-#! /usr/bin/perl -w
+#!/usr/bin/perl
# bug-prep.pl - Change (Bug #nnnn) to URLs. Used in the "prep" stage
# of DocBook output formatting. Uses regex similar to that in
# chunk-manual-for-web.
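Review bot: Dropping "-w" from the shebang is not a pure cleanup: "-w" turns warnings on for the whole program, including any code it loads, while the "use warnings;" added in the next hunk is lexically scoped to this file. That is normally the better choice, but it is a behaviour change and the log message "Updates from mysqldoc." does not mention it; note it there.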
@@ -10,6 +10,7 @@
# 2005-06-15
use strict;
+use warnings;
$/ = undef;
$_ = <>; # slurp input document as single string