From a recent vendor-sec posting: (these bugs are public afaik, but I'm marking this private in our bugzilla system until I'm sure. Treat it as a fight club until further notice)
There have been a number of vulnerabilities discovered in recent
versions of the mysql server. Patches are available through URLs.
Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks
CREATE/INSERT rights of the old table instead of the new one.
Fixed bug in privilege checking of ALTER TABLE RENAME
Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect
Fixed potential memory overrun in mysql_real_connect() (which
required a compromised DNS server and certain operating systems).
Dean Ellis noticed that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION can cause the server
to crash or stall.
Fixed an old bug in concurrent accesses to MERGE tables (even one
MERGE table and MyISAM tables), that could've resulted in a crash or
hang of the server.
The following ones don't have a CVE id assigned, but I'm in contact
with MITRE already.
Crash with MATCH..AGAINST (denial of service)
Only affects mysql 4.0
Privilege Escalation on GRANT ALL ON `Foo\_Bar`
Fixed bug in privilege checking where, under some conditions, one
was able to grant privileges on the database he has no privileges on.
Does not only affect older versions than 4.0 as well.
mysql team -- can you review/patch as appropriate? Please treat this as a confidential bug report.
Debian published a DSA on the first three ones with CAN assignments.
*** Bug 67175 has been marked as a duplicate of this bug. ***
MySQL team: we're getting late on those... Please apply fixes and bump (or comment).
All these issues are in fact public, fixed in 4.0.21... already in portage.
A little feedback from the MySQL team on this would have been appreciated.
Arches: please mark 4.0.21 stable
*** Bug 67343 has been marked as a duplicate of this bug. ***
Koon: sorry, I've been quite busy with schoolwork, and after I did finally get access to the bug (just having mysql-bugs on the CC doesn't let us into locked bugs), I only got to checking one of the items.
When you write up the GLSA, note that several of these apply to both the 3.23 and 4.0 MySQL versions.
stable on ppc
Stable on alpha.
stable on ppc64
Stable on hppa.
Stable on mips.
stable on x86.
Sorry guys, this one must have slipped through my attention. Stable now on amd64.
Drafted. Security please review.
*** Bug 69851 has been marked as a duplicate of this bug. ***