From: Christian Hammers
Date: May 5 2003 7:54am
Subject: 4.x and double free change_user bug from january?
List-Archive: http://lists.mysql.com/packagers/114
Message-Id: <20030505075441.GB15625@westend.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Hi

Was the 4.x branch of mysql ever vulnerable to this bug? I didn't see
anything in the changelog:

Changes in release 3.23.55 (23 Jan 2003)
    * Fixed double free'd pointer bug in mysql_change_user() handling,
      that enabled a specially hacked version of MySQL client to crash
      mysqld. Note, that one needs to login to the server by using a
      valid user account to be able to exploit this bug.

bye,

-christian-