|
Message-Id: <200809091418.43187.rbu@gentoo.org>
Date: Tue, 9 Sep 2008 14:18:40 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: MySQL empty bit-string literal server crash
Hi,
we consider the following bug a security issue. I'm not sure whether
MySQL upstream feels so as well. Quoting the ChangeLog:
An empty bit-string literal (b'') caused a server crash. Now the value
is parsed as an empty bit value (which is treated as an empty string
in string context or 0 in numeric context). (Bug#35658)
Bug:
http://bugs.mysql.com/bug.php?id=35658
ChangeLogs:
* 5.0.66
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
* 5.1.26
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
* 6.0.6
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
Gentoo handles this as bug 237166 [ https://bugs.gentoo.org/237166 ].
Thanks,
Robert
Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.