CAN-2004-0457

http://lists.mysql.com/internals/15185 has the patch Debian used according to the changelog of the stable version:

"mysql (3.23.49-8.7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch by Sergei Golubchik <serg@mysql.com> to fix insecure temporary file creation [scripts/mysqlhotcopy.sh, http://lists.mysql.com/internals/15185, CAN-2004-0457]

 -- Martin Schulze <joey@infodrom.org>  Sat, 14 Aug 2004 17:24:09 +0200"

and: http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog

"mysql-dfsg (4.0.20-11) unstable; urgency=high

  * SECURITY This version fixes a security flaw in mysqlhotcopy which created temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack. The issue has been recorded as CAN-2004-0457.

 -- Christian Hammers <ch@debian.org>  Sat, 14 Aug 2004 18:27:19 +0200"

Reproducible: Always
Steps to Reproduce:
mysql-bugs please provide an updated ebuild.
in cvs now. 3.23.58-r1 4.0.20-r1
Arches please mark stable. Target keywords: 3.23.58-r1 alpha hppa ppc sparc x86 4.0.20-r1 alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86
Package maintainers, is it possible to test a test case or two that would show this is indeed fixed? Security, sorry for sounding like a broken record ;)
weeve: I don't even know anybody that uses the affected utility, much less be able to produce a halfway usable testcase for it. This is one of the times I'd say that so long as the fixed code is in the mysqlhotcopy script, I'd have to leave it at that.
masked stable on ppc.
3.23.58-r1 & 4.0.20-r1 sparc stable. The test case can be done in a simple way, use mysqlhotcopy to copy (sic) a big db, so as to have time to kill the process and check the resulting non-cleaned up temporary file it uses. Otherwise you can play with an strace, but it's a torture.
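Added example, not part of this thread or of the upstream patch: the flaw class from the report (a predictable temporary file name in a shared directory) next to exclusive creation, written in Python and run inside a private sandbox directory that stands in for /tmp. The names `hotcopy.tmp` and `important.cnf` are constructed; the page does not give the real temporary file name.

```python
import os
import tempfile

def predictable_create(path):
    """Pre-fix pattern: open a fixed, guessable name for writing.
    open() follows symlinks and truncates whatever the name points to."""
    with open(path, "w") as fh:
        fh.write("scratch data\n")

def exclusive_create(path):
    """Hardened pattern: O_EXCL fails if the name already exists (a symlink
    counts), O_NOFOLLOW refuses symlinks, mode 0600 keeps the file private."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("scratch data\n")

def _read(path):
    with open(path) as fh:
        return fh.read()

def run_demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:        # stands in for /tmp
        target = os.path.join(sandbox, "important.cnf")   # constructed file
        guessable = os.path.join(sandbox, "hotcopy.tmp")  # constructed name
        with open(target, "w") as fh:
            fh.write("original\n")
        os.symlink(target, guessable)  # name already taken before the tool runs

        predictable_create(guessable)
        results["predictable_overwrote_target"] = _read(target) != "original\n"

        with open(target, "w") as fh:  # restore, then try the hardened path
            fh.write("original\n")
        try:
            exclusive_create(guessable)
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["target_intact"] = _read(target) == "original\n"

        # Library route: random suffix, created with O_EXCL and mode 0600.
        fd, name = tempfile.mkstemp(prefix="hotcopy.", dir=sandbox)
        os.close(fd)
        results["mkstemp_mode"] = oct(os.stat(name).st_mode & 0o777)
    return results

if __name__ == "__main__":
    print(run_demo())
```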
Stable on mips
Stable on alpha.
moved to stable for arm/hppa/amd64/ia64
***bump*** Arches please mark stable ***bump***
done on x86.
GLSA 200409-02 ppc64, s390 : please mark mysql-4.0.20-r1 stable to benefit from that GLSA.
fixed on ppc64