DSA-1877-1

Name	DSA-1877-1
Source	Debian
Description	mysql-dfsg-5.0 - arbitrary code
References	CVE-2009-2446
Debian/oldstable	package mysql-dfsg-5.0 is fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mysql-dfsg-5.0 (PTS)	etch	5.0.32-7etch8	vulnerable
	etch (security)	5.0.32-7etch11	fixed
	lenny (security)	5.0.51a-24+lenny2	fixed
	lenny	5.0.51a-24+lenny2+spu1	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
libmysqlclient15-dev, libmysqlclient15off, mysql-client-5.0, mysql-server-4.1, mysql-server-5.0	etch	5.0.32-7etch8	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	5.0.32-7etch10	vulnerable	s390
	etch (security)	5.0.32-7etch11	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, sparc
libmysqlclient15-dev, libmysqlclient15off, mysql-client-5.0, mysql-server-5.0	lenny (security)	5.0.51a-24+lenny2	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	lenny	5.0.51a-24+lenny2+spu1	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mysql-client, mysql-common, mysql-server	etch	5.0.32-7etch8	vulnerable	all
	etch (security)	5.0.32-7etch11	fixed	all
	lenny (security)	5.0.51a-24+lenny2	fixed	all
	lenny	5.0.51a-24+lenny2+spu1	fixed	all

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mysql-dfsg-5.0	source	etch	5.0.32-7etch11	unknown
mysql-dfsg-5.0	source	lenny	5.0.51a-24+lenny2	unknown

Home - Testing Security Team - Debian Security - Imprint