Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 261388 (CVE-2009-0819) - <dev-db/mysql-community-5.1.32 XPath expression DOS (CVE-2009-0819)
Summary: <dev-db/mysql-community-5.1.32 XPath expression DOS (CVE-2009-0819)
Status: RESOLVED FIXED
Alias: CVE-2009-0819
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://bugs.mysql.com/bug.php?id=42495
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-05 23:15 UTC by Stefan Behte (RETIRED)
Modified: 2010-04-30 17:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 23:15:17 UTC 
CVE-2009-0819 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0819):
  sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote
  authenticated users to cause a denial of service (crash) via "an
  XPath expression employing a scalar expression as a FilterExpr with
  ExtractValue() or UpdateXML()," which triggers an assertion failure.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 23:16:48 UTC 
Sorry, it's even hard-masked.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-02-01 01:32:53 UTC 
Fixed 5.1 ebuilds in the tree now.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-01 15:09:41 UTC 
Thanks.