MySQL Bugs: #46441: CVE-2009-2446 for MySQL 5.0.x

Bug #46441	CVE-2009-2446 for MySQL 5.0.x
Submitted:	28 Jul 2009 23:24	Modified:	29 Jul 2009 15:58
Reporter:	Meiji KIMURA	Email Updates:
Status:	Duplicate	Impact on me:	None
Category:	MySQL Server: General	Severity:	S4 (Feature request)
Version:	5.0.x	OS:	Any
Assigned to:		CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
CVE-2009-2446（http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446）
reported Multiple format string vulnerabilities in libmysqld/sql_parse.cc (and also sql/sql_parse.cc) in mysqld in MySQL 4.0.0 through 5.0.83.

In MySQL 5.1.x, the source codes mentioned has deleted, so there is no vulnerabilities. (Macro #ifdef REMOVED deleted that part.)

If there any possibility the same patch for MySQL 5.0.x?

How to repeat:
See CVE-2009-2446（http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446.

Suggested fix:
[Workaround]

Upgrade to MySQL 5.1.x or later.

[Suggested fix]

The same patch apply to MySQL 5.0.x.

Thank you for the bug report.

duplicate of bug#45790