MySQL Lists: packagers: Re: MySQL 5.0.51 has been released

List:	Packagers	« Previous Message Next Message »
From:	Joerg Bruehe	Date:	December 6 2007 7:26pm
Subject:	Re: MySQL 5.0.51 has been released
View as plain text

Hi Norbert, all !


Norbert Tretkowski wrote:
> Am Donnerstag, den 06.12.2007, 19:40 +0100 schrieb Joerg Bruehe:
>> Security fix:
>>     * Using RENAME TABLE against a table with explicit DATA
>>       DIRECTORY and INDEX DIRECTORY options can be used to
>>       overwrite system table information by replacing the file
>>       to which the symlink points.
>>       MySQL will now return an error when the file to which the
>>       symlink points already exists.
>>       (Bug#32111: http://bugs.mysql.com/32111, CVE-2007-5969
>>       (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969))
> 
> Why is the fix for CVE-2007-5925 (Bug#32125) missing?

Bad timing:
The sources for 5.0.51 were cloned before this fix got in.


Sorry,
Jörg

-- 
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com

Thread