-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On Mon, 5 May 2003, Christian Hammers wrote:
> Was the 4.x branch of mysql ever vulnerable to this bug? I didn't see
> anything in the changelog:
>
> Changes in release 3.23.55 (23 Jan 2003)
> * Fixed double free'd pointer bug in mysql_change_user() handling,
> that enabled a specially hacked version of MySQL client to crash
> mysqld. Note, that one needs to login to the server by using a
> valid user account to be able to exploit this bug.
According to the BitKeeper Changelog, this ChangeSet was pulled into 4.0
as well and is included from mysql-4.0.10 onwards:
ChangeSet@stripped, 2003-01-21 16:07:31+01:00, serg@stripped
fixed double-free bug in COM_CHANGE_USER
But you are right, it should have been mentioned in the 4.0 Changelog of
manual.texi as well. This is always a problem, when Changes from one tree
are being pulled into another...
Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <lenz@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
<___/ www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+tiGGSVDhKrJykfIRApg7AJ0dVqgF1f5qd+Pvb24h6b6vCkt1WACfUoku
FL2T6JANzWqsxGVDqH7uAJA=
=UYSJ
-----END PGP SIGNATURE-----
