CVE-2006-1516

Name	CVE-2006-1516
Description	The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1071-1, DSA-1073-1, DSA-1079-1
Debian Bugs	356751, 365938, 365939, 366043, 366044

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mysql	source	woody	3.23.49-8.15		DSA-1071-1
mysql	source	(unstable)	(unfixed)	low		365939
mysql-dfsg	source	sarge	4.0.24-10sarge2		DSA-1079-1
mysql-dfsg	source	(unstable)	(unfixed)	low		356751, 365939
mysql-dfsg-4.1	source	sarge	4.1.11a-4sarge3		DSA-1073-1
mysql-dfsg-4.1	source	(unstable)	(unfixed)	low		365939, 366043
mysql-dfsg-5.0	source	(unstable)	5.0.21-1	low		365938, 365939, 366044