Privilege escalation: http://bugs.mysql.com/bug.php?id=17647 if you have rights on the "foo" database, you can create foO, fOo, fOO, Foo .... databases. bypass some security restriction: http://bugs.mysql.com/bug.php?id=18630 all in SA 21506 http://secunia.com/advisories/21506/ That will be corrected in 5.0.25
It's already fixed in upstream CVS. Should we use the patch or wait for 5.0.25?
Lets wait for the upstream release.
dev-db/mysql-5.0.26 is in the tree which fixes those problems (5.0.25 wasn't released to the wide public, only to commercial customers). The bug can be closed I think since no mysql-5 version is stable yet. Best regards, CHTEKK.
gracious stealth ping to the understaffed security team
thanks vivo ;-) closing this without GLSA, since mysql 5.x is still marked ~arch