Friday 30 September, around 9 o'clock, Vincent Caron typed:
> On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 829-1                     security@debian.org
> > http://www.debian.org/security/                             Martin Schulze
> > September 30, 2005                      http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package        : mysql
> > Vulnerability  : buffer overflow
> > Problem type   : remote
> > Debian-specific: no
> > CVE ID         : CAN-2005-2558
> > BugTraq ID     : 14509
> >
> > A stack-based buffer overflow in the init_syms function of MySQL,
> > a popular database, has been discovered that allows remote
> > authenticated users who can create user-defined functions to
> > execute arbitrary code via a long function_name field. The
> > ability to create user-defined functions is not typically granted
> > to untrusted users.
> >
> > The following vulnerability matrix shows which version of MySQL in
> > which distribution has this problem fixed:
> >
> >                      woody           sarge             sid
> >   mysql              3.23.49-8.14    n/a               n/a
> >   mysql-dfsg         n/a             4.0.24-10sarge1   4.0.24-10sarge1
> >   mysql-dfsg-4.1     n/a             4.1.11a-4sarge2   4.1.14-2
> >   mysql-dfsg-5.0     n/a             n/a               5.0.11beta-3
>
> That's not one of our packages, I've checked.

Does it mean that ours is not affected, or that no fix is available for ours so far?

-- 
Mathieu Roy

  +---------------------------------------------------------------------+
  | General Homepage:           http://yeupou.coleumes.org/             |
  | Computing Homepage:         http://alberich.coleumes.org/           |
  | Not a native english speaker:                                       |
  |     http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english  |
  +---------------------------------------------------------------------+