CVE-2007-6303

NameCVE-2007-6303
DescriptionMySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs455737

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-dfsg-4.1source(unstable)(unfixed)
mysql-dfsg-5.0sourceetch(not affected)
mysql-dfsg-5.0source(unstable)5.0.45-5low455737

Notes

[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
Search for package or bug name: Reporting problems