Bug #9864 new sql injection security bug
Submitted: 13 Apr 2005 10:10 Modified: 9 May 2005 2:57
Reporter: xuefer tinys Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:mysql-4.0.24 OS:
Assigned to: Jim Winstead CPU Architecture:Any

[13 Apr 2005 10:10] xuefer tinys
Description:
all my notes go into "Private comment"

How to repeat:
in "Private comment"
[13 Apr 2005 13:56] Sergei Golubchik
this looks like a http://bugs.mysql.com/8378
that was fixed in 4.1.11. Did you try 4.1.11 release ?
[15 Apr 2005 1:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/24035
[7 May 2005 14:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/24670
[7 May 2005 14:48] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/24672
[7 May 2005 15:58] Jim Winstead
Fixed in 4.0.25.
[9 May 2005 2:57] Paul DuBois
Noted in 4.0.25 changelog.