upstream bug is here http://bugs.mysql.com/bug.php?id=16470
supposedly a patch is out here: http://lists.mysql.com/commits/43522
this should be brought in to gentoo's portage tree immediately.
Steps to Reproduce:
mysql> grant blah on blah.blah to blah@blah identified by blah;
entire daemon dies immediately
This is actually a Denial of Service issue and should be handled as a security bug, re-assigning.
Short summary: Any user with GRANT permissions can crash the whole server.
mysql team, please bump.
It's not only a DoS issue, it prohibits regular use of grant statements.
All security relevant arches stable due to bug 246652.
I vote YES.
Returning to [ebuild]... the patch has not been committed to 5.0 as discussed on
I'm not sure whether upstream states that 5.0 is not affected, or they simply do not care.
It's in the tree as mysql-5.0.70-r1 now. Stabilization is in bug 246652.
Yes, too. Added bug # to a pending request.
security: bump for glsa on this
This issue was resolved and addressed in
GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml
by GLSA coordinator Tim Sammut (underling).