| Name | CVE-2012-4414 |
| Description | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 687484, 687485 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mysql-5.1 | source | (unstable) | 5.1.72-1 | low | 687484 | |
| mysql-5.5 | source | (unstable) | 5.5.30+dfsg-1 | 687485 |
[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)