sorry for the late reply.

On Thu, 1 Jun 2006, Christian Hammers wrote:

> Debian likes to provide security updates for our last two releases which
> shipped with MySQL 3.23.49 and 4.0.24. Can you comment upon their
> vulnerability and maybe even provide patches? The 4.1 and 5.0 diffs were
> almost the same but do not apply to 3.23 and 4.0 which, too, look very
> similar so maybe at least a patch for 4.0 would be enough for us.

Joerg has already sent out a clarification about this - versions prior to
4.1 should not be affected.

> Do you have a proof of concept exploit that we could use to verify that our
> security uploads really fix the problem?

AFAIK Tom Lane from Red Hat has sent you his proof of concept code, hasn't he?

> Has there already been a CVE id assigned to this issue or did you contact anybody
> to do so? Else the Debian Security Team could register one.

To my knowledge we had not done this yet and I am not aware that anybody else
had. So yes, that would be appreciated. In the future, we should take care of
this on time!

Lenz Grimmer <lenz@stripped>
Community Relations Manager, EMEA
MySQL GmbH, http://www.mysql.de/, Hamburg, Germany
Visit the MySQL Forge at http://forge.mysql.com/