CVS commit: [pkgsrc-2010Q1] pkgsrc/databases

["S.P.Zeidler" <spz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   spz
Date:           Sun Jun  6 11:32:35 UTC 2010

Modified Files:
        pkgsrc/databases/mysql5-client [pkgsrc-2010Q1]: Makefile.common
            buildlink3.mk distinfo
        pkgsrc/databases/mysql5-server [pkgsrc-2010Q1]: distinfo

Log Message:
Pullup ticket 3139 - requested by taca
security update

Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile.common        1.39
- pkgsrc/databases/mysql5-client/buildlink3.mk          1.16
- pkgsrc/databases/mysql5-client/distinfo               1.29
- pkgsrc/databases/mysql5-server/distinfo               1.25

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jun  2 13:34:45 UTC 2010

   Modified Files:
           pkgsrc/databases/mysql5-client: Makefile.common buildlink3.mk 
distinfo
           pkgsrc/databases/mysql5-server: distinfo

   Log Message:
   Update mysql5-{client,server} package to 5.0.91.

   For full changes, refer 
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.

   Here is security related changes.

   * Security Fix: The server failed to check the table name argument of
     a COM_FIELD_LIST command packet for validity and compliance to
     acceptable table name standards. This could be exploited to bypass
     almost all forms of checks for privileges and table-level grants by
     providing a specially crafted table name argument to COM_FIELD_LIST.

     In MySQL 5.0 and above, this allowed an authenticated user with
     SELECT privileges on one table to obtain the field definitions of
     any table in all other databases and potentially of other MySQL
     instances accessible from the server's file system.

     Additionally, for MySQL version 5.1 and above, an authenticated user
     with DELETE or SELECT privileges on one table could delete or read
     content from any other table in all databases on this server, and
     potentially of other MySQL instances accessible from the server's
     file system. (Bug#53371, CVE-2010-1848)

   * Security Fix: The server was susceptible to a buffer-overflow attack
     due to a failure to perform bounds checking on the table name
     argument of a COM_FIELD_LIST command packet. By sending long data
     for the table name, a buffer is overflown, which could be exploited
     by an authenticated user to inject malicious code. (Bug#53237,
     CVE-2010-1850)

   * Security Fix: The server could be tricked into reading packets
     indefinitely if it received a packet larger than the maximum size of
     one packet. (Bug#50974, CVE-2010-1849)

   To generate a diff of this commit:
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/mysql5-client/Makefile.common
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mysql5-client/buildlink3.mk
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-client/distinfo
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mysql5-server/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.2.1 pkgsrc/databases/mysql5-client/Makefile.common
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/databases/mysql5-client/buildlink3.mk
cvs rdiff -u -r1.28 -r1.28.2.1 pkgsrc/databases/mysql5-client/distinfo
cvs rdiff -u -r1.24 -r1.24.2.1 pkgsrc/databases/mysql5-server/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.