From changelog:
  Security fix: A malformed password packet in the connection protocol could cause the server to crash. Thanks to Dormando for reporting this bug and providing details and a proof of concept. (Bug#28984)
  Security Fix: CREATE TABLE LIKE did not require any privileges on the source table. Now it requires the SELECT privilege. (Bug#25578)
  In addition, CREATE TABLE LIKE was not isolated from alteration by other connections, which resulted in various errors and incorrect binary log order when trying to execute concurrently a CREATE TABLE LIKE statement and either DDL statements on the source table or DML or DDL statements on the target table. (Bug#23667)
Please try to get the package version matrix right. The fixes/issues are in the upstream releases that I corrected the summary to.
  http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-44.html
  http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html
We have enterprise 5.0.44 in the tree already, but not community 5.0.45. I'll try to have the new community version in the tree before the end of the weekend.
community-5.0.45 in CVS now. I'll post testing instructions for arches in a moment.
Testing procedures:
  FEATURES='userpriv test' USE='ssl cluster extraengine' emerge =mysql-5.0.44
  FEATURES='userpriv test' USE='ssl cluster extraengine' emerge =mysql-community-5.0.45
There should be _no_ failures at all this time. All past failures accounted for and handled. I can complete the tests on my machines (ppc64-32ul, x86, amd64).
Target keywords:
  mysql: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
  mysql-community: (none, the package is ~arch only).
Arches please test and mark stable.
alpha/ia64/x86 after a lot of time passing the tests
dercorny asked me about the 5.0.44-r1 version I have in the tree. It runs the identical tests that 5.0.44 does, just moving some more bits into the eclass. It should have the identical result as plain 5.0.44, so feel free to test either.
*** Bug 185506 has been marked as a duplicate of this bug. ***
5.0.44-r1 ppc64 stable
ppc stable
dev-db/mysql-5.0.44-r1 stable for HPPA.
sparc stable.
amd64 stable
Time for GLSA decision. I tend to vote yes because of the server crash.
I vote YES.
Same as the last MySQL security bug, I don't understand why we don't use mysqld_safe to automatically restart mysqld... voting GLSA, since the server is shut down...
GLSA 200708-10, sorry for the delay...