Fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837

2004-10-12 18:15:32 +00:00 · 2004-10-12 18:15:32 +00:00 · e8b8fafc70
commit e8b8fafc70
parent 516ba6c198
1 changed files with 8 additions and 1 deletions
--- a/mysql.spec
+++ b/mysql.spec
@ -1,6 +1,6 @@
 Name: mysql
 Version: 3.23.58
-Release: 12
+Release: 13
 Source0: http://www.mysql.com/Downloads/MySQL-3.23/mysql-%{version}.tar.gz
 Source1: mysql.init
 Source2: mysql.logrotate
@ -17,6 +17,7 @@ Patch5: mysql-3.23.58-typo.patch
 Patch6: mysql-3.23.58-symlink.patch
 Patch7: mysql-3.23.58-dropdb.patch
 Patch8: mysql-3.23.58-config.patch
+Patch9: mysql-3.23.58-security.patch
 URL: http://www.mysql.com
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Summary: MySQL client programs and shared libraries.
@ -97,6 +98,7 @@ MySQL.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1

 libtoolize --force
 aclocal
@ -307,6 +309,11 @@ fi
 %{_datadir}/sql-bench

 %changelog
+* Tue Oct 12 2004 Tom Lane <tgl@redhat.com> 3.23.58-13
+- fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
+  (bugs #135372, 135375, 135387)
+- fix privilege escalation on GRANT ALL ON `Foo\_Bar` (no CVE yet)
+
 * Wed Oct 06 2004 Tom Lane <tgl@redhat.com> 3.23.58-12
 - fix multilib problem with mysqlbug and mysql_config
 - adjust chkconfig priority per bug #128852