List:Packagers« Previous MessageNext Message »
From:Lenz Grimmer Date:September 11 2003 8:50am
Subject:Re: MySQL 4.0.15 has been released
View as plain text  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christian,

On Thu, 11 Sep 2003, Christian Hammers wrote:

> Again(!) I remark that you put a notice about a potential root exploit
> somewhere near line 100 or so instead as a big fat "SECURITY: ..."
> warning on top of the changelog.

Why do you think it's a root exploit? You need to already have root
privileges on the database to be able to trigger this crash. We fixed
multiple other bugs that could cause mysqld to crash without requiring
mysql root privileges.

> Although this time it's at least the first entry in the bugs section,
> I propose you to change that in future as admins and especially package
> maintainers should see such things at the first glance.

Yes, fully agreed. If this would have been a really critical bug (e.g.
remotely exploitable), we would have done that. Probably the wording of
this specific entry is misleading. Sorry if this is the case.

Bye,
	LenZ
- -- 
 Lenz Grimmer <lenz@stripped>
 Senior Production Engineer
 MySQL GmbH, http://www.mysql.de/
 Hamburg, Germany

 For technical support contracts, visit https://order.mysql.com/?ref=mlgr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/YDdISVDhKrJykfIRAu7kAJwKtO19Axixs3ni81nNHEto/3YdugCfTe1A
/cMMnHFtVE7W9v2XyDTG86Q=
=fFtZ
-----END PGP SIGNATURE-----
Thread