Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 142815 - <dev-db/mysql-5.0.24: privilege bypass
Summary: <dev-db/mysql-5.0.24: privilege bypass
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: ~3? [noglsa] DerCorny
Depends on:
Reported: 2006-08-04 09:48 UTC by Alexander M. Turek
Modified: 2006-08-08 10:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander M. Turek 2006-08-04 09:48:53 UTC
MySQL 5.0.24 has been released.

It would be great, if you could add an ebuild for this release to portage.
Comment 1 Luca Longinotti (RETIRED) gentoo-dev 2006-08-04 10:18:14 UTC
From ChangeLog:

Security fix: If a user has access to MyISAM table t, that user can create a MERGE table m  that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine. (Bug#15195)

Same bug as in <4.1.21, not really critical, but I'll bump MySQL this evening (didn't know about this week-old release cause upstream forgot to announce it).
Best regards, CHTEKK.
Comment 2 Luca Longinotti (RETIRED) gentoo-dev 2006-08-04 10:22:04 UTC
Add mysql-bugs to CC.
Best regards, CHTEKK.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-08-04 10:24:28 UTC
looking forward to the bump :) cheers!
Comment 4 Luca Longinotti (RETIRED) gentoo-dev 2006-08-08 06:13:07 UTC
dev-db/mysql-5.0.24 is in the tree now, doesn't require any arch-team intervention as it's unstable on all arches.
Best regards, CHTEKK.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-08 10:01:12 UTC
Thx Luca. Closing this without GLSA as it was never stable.