Hello community, here is the log from the commit of package mysql checked in at Wed Apr 5 17:35:22 CEST 2006. -------- --- mysql/mysql.changes 2006-03-27 13:48:55.000000000 +0200 +++ mysql/mysql.changes 2006-04-04 13:50:41.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Apr 4 13:58:58 CEST 2006 - mmarek@suse.cz + +- don't allow \0 in SQL even in comments + [#163157] (CVE-2006-0903.patch) + +------------------------------------------------------------------- Old: ---- minmem New: ---- mysql-5.0.18-CVE-2006-0903.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mysql.spec ++++++ --- /var/tmp/diff_new_pack.zBs45B/_old 2006-04-05 17:34:47.000000000 +0200 +++ /var/tmp/diff_new_pack.zBs45B/_new 2006-04-05 17:34:47.000000000 +0200 @@ -16,7 +16,7 @@ Requires: mysql-client perl-DBD-mysql Autoreqprov: on Version: 5.0.18 -Release: 11 +Release: 12 URL: http://www.mysql.com Summary: A True Multiuser, Multithreaded SQL Database Server PreReq: /usr/sbin/useradd /usr/sbin/groupadd fileutils %install_info_prereq %fillup_prereq %insserv_prereq @@ -34,6 +34,7 @@ Patch6: %{name}-%{version}-install_db.patch Patch7: %{name}-%{version}-4x-compat.patch Patch8: %{name}-%{version}-logrotate.patch +Patch9: %{name}-%{version}-CVE-2006-0903.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -204,6 +205,7 @@ %patch6 %patch7 %patch8 +%patch9 # remove unneeded man manpages rm -f man/mysqlman.1 man/safe_mysqld.1 @@ -522,6 +524,9 @@ %dir %attr(755, mysql, mysql) /usr/share/mysql-test/var %changelog -n mysql +* Tue Apr 04 2006 - mmarek@suse.cz +- don't allow \0 in SQL even in comments + [#163157] (CVE-2006-0903.patch) * Mon Mar 27 2006 - mmarek@suse.cz - require mysql-shared = %%version in mysql-devel * Tue Mar 07 2006 - mmarek@suse.cz ++++++ mysql-5.0.18-CVE-2006-0903.patch ++++++ --- sql/sql_lex.cc +++ sql/sql_lex.cc @@ -960,6 +960,9 @@ while (lex->ptr != lex->end_of_query && ((c=yyGet()) != '*' || yyPeek() != '/')) { + if (c == '\0') + return(ABORT_SYM); // NULLs illegal even in comments + if (c == '\n') lex->yylineno++; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...