MySQL Lists: commits: svn commit - mysqldoc@docsrva: r9594

List:	Commits	« Previous Message Next Message »
From:	paul	Date:	January 16 2008 3:51pm
Subject:	svn commit - mysqldoc@docsrva: r9594 - in trunk: . dynamic-docs/changelog
View as plain text

Author: paul
Date: 2008-01-16 15:51:10 +0100 (Wed, 16 Jan 2008)
New Revision: 9594

Log:
 r28661@frost:  paul | 2008-01-16 09:47:51 -0500
 Document security bugfix:
 Bug #33814	Pre-auth buffer-overflow in mySQL through yaSSL


Modified:
   trunk/dynamic-docs/changelog/mysqld-1.xml

Property changes on: trunk
___________________________________________________________________
Name: svk:merge
   - 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:34883
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:28636
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:23202
   + 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:34883
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:28661
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:23202


Modified: trunk/dynamic-docs/changelog/mysqld-1.xml
===================================================================
--- trunk/dynamic-docs/changelog/mysqld-1.xml	2008-01-16 00:15:06 UTC (rev 9593)
+++ trunk/dynamic-docs/changelog/mysqld-1.xml	2008-01-16 14:51:10 UTC (rev 9594)
Changed blocks: 1, Lines Added: 32, Lines Deleted: 0; 1017 bytes

@@ -5390,4 +5390,36 @@
 
   </logentry>
 
+  <logentry entrytype="bug">
+
+    <tags>
+      <manual type="yaSSL"/>
+      <highlight type="securityfix"/>
+    </tags>
+
+    <bugs>
+      <fixes bugid="33814"/>
+      <cve ref="CVE-2008-0226"/>
+    </bugs>
+
+    <versions>
+      <version ver="5.0.54a"/>
+      <version ver="5.1.23"/>
+      <version ver="6.0.4"/>
+    </versions>
+
+    <message>
+
+      <para>
+        yaSSL was subject to a pre-authentication buffer-overflow
+        exploit that could lead to remote code execution or a server
+        crash. The exploit requires a server with yaSSL enable and
+        TCP/IP connections enabled. The exploit does not apply to
+        OpenSSL.
+      </para>
+
+    </message>
+
+  </logentry>
+
 </changelog>

Thread
• svn commit - mysqldoc@docsrva: r9594 - in trunk: . dynamic-docs/changelog	paul	16 Jan