2010-11-15 17:24:09 by Jonathan Perkin | Files touched by this commit (2) |
Log message:
Drop maintainer, ENOTIME.
|
2010-09-23 17:22:44 by Joerg Sonnenberger | Files touched by this commit (1) |
Log message:
Restrict dependency to the intended 5.0 client.
|
2010-06-02 15:34:45 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
Update mysql5-{client,server} package to 5.0.91.
For full changes, refer http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.
Here is security related changes.
* Security Fix: The server failed to check the table name argument of
a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to bypass
almost all forms of checks for privileges and table-level grants by
providing a specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated user
with DELETE or SELECT privileges on one table could delete or read
content from any other table in all databases on this server, and
potentially of other MySQL instances accessible from the server's
file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow attack
due to a failure to perform bounds checking on the table name
argument of a COM_FIELD_LIST command packet. By sending long data
for the table name, a buffer is overflown, which could be exploited
by an authenticated user to inject malicious code. (Bug#53237,
CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size of
one packet. (Bug#50974, CVE-2010-1849)
|
2010-02-18 16:46:10 by Takahiro Kambe | Files touched by this commit (26) |
Log message:
Update mysql5-client and mysql5-server package to version 5.0.90.
This release many bug fixes and DoS security problem (CVE-2009-4484).
Plese refer these URL in detail.
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html
There some minor pkgsrc change to prevent compile time warnings.
|
2010-01-17 13:02:58 by Thomas Klausner | Files touched by this commit (724) | |
Log message:
Recursive PKGREVISION bump for jpeg update to 8.
|
2010-01-16 18:57:38 by Thomas Klausner | Files touched by this commit (22) |
Log message:
Remove workaround for compiler bug in gcc2 on sparc64.
|
2009-11-26 17:33:30 by Matthias Scheler | Files touched by this commit (15) |
Log message:
Update "mysql5-client" and "mysql5-server" package to \
version 5.0.88.
This release fixes a large number of bugs and security vulnerabilities
including SA37372.
For detailed list of all the changes since 5.0.67 have a look here, please:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
|
2009-07-19 15:14:21 by Matthias Scheler | Files touched by this commit (1) |
Log message:
Set license to gnu-gpl-v2.
|
2009-06-14 19:43:27 by Joerg Sonnenberger | Files touched by this commit (120) |
Log message:
Remove @dirrm entries from PLISTs
|
2009-05-20 02:58:30 by Thomas Klausner | Files touched by this commit (277) | |
Log message:
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.
Reported by Robert Elz in PR 41345.
|