From: Lenz Grimmer
Date: May 5 2003 8:32am
Subject: Re: 4.x and double free change_user bug from january?
List-Archive: http://lists.mysql.com/packagers/115
Message-Id:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi,

On Mon, 5 May 2003, Christian Hammers wrote:

> Was the 4.x branch of mysql ever vulnerable to this bug? I didn't see
> anything in the changelog:
>
> Changes in release 3.23.55 (23 Jan 2003)
>  * Fixed double free'd pointer bug in mysql_change_user() handling,
>    that enabled a specially hacked version of MySQL client to crash
>    mysqld. Note, that one needs to login to the server by using a
>    valid user account to be able to exploit this bug.

According to the BitKeeper Changelog, this ChangeSet was pulled into 4.0
as well and is included from mysql-4.0.10 onwards:

  ChangeSet@stripped, 2003-01-21 16:07:31+01:00, serg@stripped
    fixed double-free bug in COM_CHANGE_USER

But you are right, it should have been mentioned in the 4.0 Changelog of
manual.texi as well. This is always a problem, when Changes from one tree
are being pulled into another...

Bye,
	LenZ
-- 
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /    Mr. Lenz Grimmer
 / /|_/ / // /\ \/ /_/ / /__   MySQL AB, Production Engineer
/_/  /_/\_, /___/\___\_\___/   Hamburg, Germany
       <___/   www.mysql.com