Author: paul
Date: 2007-10-12 21:29:01 +0200 (Fri, 12 Oct 2007)
New Revision: 8082
Log:
r31036@arctic: paul | 2007-10-12 14:19:17 -0500
Reformat
Modified:
trunk/pt/refman-5.1/news-5.1.xml
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:30950
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:25498
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:20005
+ 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:31036
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:25498
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:20005
Modified: trunk/pt/refman-5.1/news-5.1.xml
===================================================================
--- trunk/pt/refman-5.1/news-5.1.xml 2007-10-12 17:46:06 UTC (rev 8081)
+++ trunk/pt/refman-5.1/news-5.1.xml 2007-10-12 19:29:01 UTC (rev 8082)
Changed blocks: 17, Lines Added: 26, Lines Deleted: 49; 7559 bytes
@@ -1415,8 +1415,7 @@
<emphasis role="bold">Security fix</emphasis>: A malformed
password packet in the connection protocol could cause the
server to crash. Thanks for Dormando for reporting this bug
- and providing details and a proof of concept.
- (CVE-2007-3780,
+ and providing details and a proof of concept. (CVE-2007-3780,
Bug #28984)
</para>
</listitem>
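Review bot: The context line "server to crash. Thanks for Dormando for reporting this bug" has a wording slip that this rewrap passes over: it should read "Thanks to Dormando". Since the following line is being rejoined anyway, fix the preposition in the same change.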
@@ -1426,9 +1425,7 @@
<emphasis role="bold">Security Fix</emphasis>: <literal>CREATE
TABLE LIKE</literal> did not require any privileges on the
source table. Now it requires the <literal>SELECT</literal>
- privilege.
- (CVE-2007-3781,
- Bug #25578)
+ privilege. (CVE-2007-3781, Bug #25578)
</para>
<para>
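Review bot: The label in this entry is capitalised as "Security Fix" (first context line), while the other entries touched by this commit use "Security fix". Normalise the casing here so that a search for the label finds every security entry in the file.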
@@ -2820,9 +2817,7 @@
<para>
<emphasis role="bold">Security fix</emphasis>: Use of a view
could allow a user to gain update privileges for tables in
- other databases.
- (CVE-2007-3782,
- Bug #27878)
+ other databases. (CVE-2007-3782, Bug #27878)
</para>
</listitem>
@@ -4431,9 +4426,7 @@
<emphasis role="bold">Security fix</emphasis>: If a stored
routine was declared using <literal>SQL SECURITY
INVOKER</literal>, a user who invoked the routine could gain
- privileges.
- (CVE-2007-2692,
- Bug #27337)
+ privileges. (CVE-2007-2692, Bug #27337)
</para>
</listitem>
@@ -4441,9 +4434,8 @@
<para>
<emphasis role="bold">Security fix</emphasis>: The requirement
of the <literal>DROP</literal> privilege for <literal>RENAME
- TABLE</literal> was not being enforced.
- (CVE-2007-2691,
- Bug #27515)
+ TABLE</literal> was not being enforced. (CVE-2007-2691, Bug
+ #27515)
</para>
</listitem>
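Review bot: The new wrap breaks the bug reference across two lines ("Bug" ends one line and "#27515)" starts the next), so a line-based search of the XML source for "Bug #27515" no longer matches. Consider wrapping before "(CVE-2007-2691," or before "Bug" so the reference stays on one line, as the single-line form "(CVE-2007-3782, Bug #27878)" does in an earlier hunk.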
@@ -4453,8 +4445,7 @@
only the <literal>ALTER</literal> privilege on a partitioned
table could obtain information about the table that should
require the <literal>SELECT</literal> privilege.
- (CVE-2007-2693,
- Bug #23675)
+ (CVE-2007-2693, Bug #23675)
</para>
</listitem>
@@ -6110,8 +6101,7 @@
<para>
Evaluation of an <literal>IN()</literal> predicate containing
a decimal-valued argument caused a server crash.
- (CVE-2007-2583)
- (Bug #27362, Bug #27513)
+ (CVE-2007-2583) (Bug #27362, Bug #27513)
</para>
</listitem>
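Review bot: The joined line "(CVE-2007-2583) (Bug #27362, Bug #27513)" keeps two separate parentheticals, whereas the other entries in this commit use one combined form such as "(CVE-2007-3781, Bug #25578)". If the aim of the reformat is a uniform reference style, merge these into "(CVE-2007-2583, Bug #27362, Bug #27513)".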
@@ -8111,12 +8101,10 @@
<emphasis role="bold">Security fix</emphasis>: Using an
<literal>INFORMATION_SCHEMA</literal> table with
<literal>ORDER BY</literal> in a subquery could cause a server
- crash.
- (CVE-2007-1420,
- Bug #24630, Bug #26556) We would like to thank Oren Isacson
- from Flowgate Security Consulting as well as well as Stefan
- Streichsbier from SEC Consult for informing us about this
- problem.
+ crash. (CVE-2007-1420, Bug #24630, Bug #26556) We would like
+ to thank Oren Isacson from Flowgate Security Consulting as
+ well as well as Stefan Streichsbier from SEC Consult for
+ informing us about this problem.
</para>
</listitem>
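Review bot: The acknowledgement still contains the duplicated phrase "as well as well as", now split across the added lines "to thank Oren Isacson from Flowgate Security Consulting as" and "well as well as Stefan Streichsbier from SEC Consult for". Drop the repeated "well as" while rewrapping, since these lines are being rewritten anyway.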
@@ -15561,9 +15549,8 @@
possibly other platforms using case-sensitive filesystems, it
was possible for a user granted rights on a database to create
or access a database whose name differed only from that of the
- first by the case of one or more letters.
- (CVE-2006-4226,
- Bug #17647)
+ first by the case of one or more letters. (CVE-2006-4226, Bug
+ #17647)
</para>
</listitem>
@@ -15580,9 +15567,8 @@
<replaceable>m</replaceable>. If this behavior is undesirable,
you can start the server with the new
<option>--skip-merge</option> option to disable the
- <literal>MERGE</literal> storage engine.
- (CVE-2006-4031,
- Bug #15195)
+ <literal>MERGE</literal> storage engine. (CVE-2006-4031, Bug
+ #15195)
</para>
</listitem>
@@ -15592,9 +15578,7 @@
routine created by one user and then made accessible to a
different user using <literal>GRANT EXECUTE</literal> could be
executed by that user with the privileges of the routine's
- definer.
- (CVE-2006-4227,
- Bug #18630)
+ definer. (CVE-2006-4227, Bug #18630)
</para>
</listitem>
@@ -20143,8 +20127,7 @@
encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the
<literal>mysql_real_escape_string()</literal> C API function.
- (CVE-2006-2753,
- Bug #8378)
+ (CVE-2006-2753, Bug #8378)
</para>
<para>
@@ -20846,9 +20829,7 @@
<literal>COM_TABLE_DUMP</literal> packets was able to read
uninitialized memory, which potentially, though unlikely in
MySQL, could have led to an information disclosure.
- (CVE-2006-1516,
- CVE-2006-1517)
- Thanks to Stefano Di Paola
+ (CVE-2006-1516, CVE-2006-1517) Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
</para>
@@ -20859,8 +20840,7 @@
<emphasis role="bold">Security fix</emphasis>: A malicious
client, using specially crafted invalid
<literal>COM_TABLE_DUMP</literal> packets was able to trigger
- an exploitable buffer overflow on the server.
- (CVE-2006-1518)
+ an exploitable buffer overflow on the server. (CVE-2006-1518)
Thanks to Stefano Di Paola
<email>stefano.dipaola@stripped</email> for finding and
reporting this bug.
@@ -20956,8 +20936,7 @@
<para>
A <literal>NUL</literal> byte within a comment in a statement
string caused the rest of the string not to be written to the
- query log, allowing logging to be bypassed.
- (CVE-2006-0903)
+ query log, allowing logging to be bypassed. (CVE-2006-0903)
(Bug #17667)
</para>
</listitem>
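Review bot: This entry describes a query-log bypass and carries CVE-2006-0903, but the paragraph opens directly with "A <literal>NUL</literal> byte" and has no "Security fix" emphasis label, unlike the other CVE-bearing entries in this commit. Add the label so the entry is found when readers scan for security fixes; the trailing "(Bug #17667)" could also be folded into the CVE parenthetical for consistency.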
@@ -22033,11 +22012,10 @@
<para>
<emphasis role="bold">Security fix</emphasis>: Invalid
arguments to <literal>DATE_FORMAT()</literal> caused a server
- crash.
- (CVE-2006-3469,
- Bug #20729) Thanks to Jean-David Maillefer for discovering and
- reporting this problem to the Debian project and to Christian
- Hammers from the Debian Team for notifying us of it.
+ crash. (CVE-2006-3469, Bug #20729) Thanks to Jean-David
+ Maillefer for discovering and reporting this problem to the
+ Debian project and to Christian Hammers from the Debian Team
+ for notifying us of it.
</para>
</listitem>
@@ -24849,8 +24827,7 @@
<listitem>
<para>
<literal>STR_TO_DATE(1,NULL)</literal> caused a server crash.
- (CVE-2006-3081,
- Bug #15828)
+ (CVE-2006-3081, Bug #15828)
</para>
</listitem>