Re: CVE requests; issues fixed in MySQL 5.1.52

[Josh Bressers <bressers () redhat com>]

Did these ever get IDs? I've been away and don't want to dupe these.

Thanks.

-- 
    JB

----- Original Message -----
> Vincent Danen wrote:
> > I see the following changes as fixed in MySQL 5.1.52, but cannot
> > find
> > any CVEs for them:
> >
> > InnoDB Storage Engine: Security Fix: Issuing TRUNCATE TABLE and
> > examining the same table's information in the INFORMATION_SCHEMA
> > database at the same time could cause a crash in the debug version
> > of
> > the server. (Bug #54678)
> >
> > Security Fix: The server crashed for assignment of values of types
> > other
> > than Geometry to items of type GeometryCollection (MultiPoint,
> > MultiCurve, MultiSurface). Now the server checks the field type and
> > fails with bad geometry value if it detects incorrect parameters.
> > (Bug
> > #55531)
> >
> > Security Fix: EXPLAIN EXTENDED caused a server crash with some
> > prepared
> > statements. (Bug #54494)
> >
> > Security Fix: In prepared-statement mode, EXPLAIN for a SELECT from
> > a
> > derived table caused a server crash. (Bug #54488)
> >
> > There are a whole bunch of other crash-type bugs corrected in 5.1.52
> > that upstream did not explicitly flag as security, which might be
> > considered security-relevant as well:
> >
> > http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
>
> Looks like this CVE request got lost.
>
> cu
> Ludwig
>
> --
> (o_ Ludwig Nussel
> //\
> V_/_ http://www.suse.de/
> SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix
> Imendörffer, HRB 16746 (AG Nürnberg)