-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 11 Sep 2003, Christian Hammers wrote:
> Again(!) I remark that you put a notice about a potential root exploit
> somewhere near line 100 or so instead as a big fat "SECURITY: ..."
> warning on top of the changelog.
Why do you think it's a root exploit? You need to already have root
privileges on the database to be able to trigger this crash. We fixed
multiple other bugs that could cause mysqld to crash without requiring
mysql root privileges.
> Although this time it's at least the first entry in the bugs section,
> I propose you to change that in future as admins and especially package
> maintainers should see such things at the first glance.
Yes, fully agreed. If this would have been a really critical bug (e.g.
remotely exploitable), we would have done that. Probably the wording of
this specific entry is misleading. Sorry if this is the case.
Lenz Grimmer <lenz@stripped>
Senior Production Engineer
MySQL GmbH, http://www.mysql.de/
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----