6280338 2001-03-27 21:45 +0200 /95 rader/ Jonas Eriksson <je@SEKURE.NET> Sänt av: joel@lysator.liu.se Importerad: 2001-03-28 05:34 av Brevbäraren Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: je@SEKURE.NET Mottagare: Bugtraq (import) <16164> Ärende: MySQL 3.23.36 is relased (fwd) ------------------------------------------------------------ From: Jonas Eriksson <je@SEKURE.NET> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <Pine.BSO.4.21.0103272144000.5302-100000@birdie.sekure.net> ---------- Forwarded message ---------- Date: Tue, 27 Mar 2001 19:31:26 +0300 (EEST) From: Michael Widenius <monty@mysql.com> To: announce@lists.mysql.com, mysql@lists.mysql.com Subject: MySQL 3.23.36 is relased Hi! This release should fix the final bugs we accidently got into 3.23.34 and a long security bug that has been in MySQL a long time! The main fixed bugs are that UPDATE didn't always use keys when updating on something not based on a primary key and that 'affected rows' wasn't returned to the client if the mysqld server wasn't compiled with support for transactions. Somehow the above bugs slipped through our ever growing test-suit :( The security bug was that where one could do bad things by using database names that starts with '..'. Now we don't anymore accept database names that contains ','. As noted in the manual: To be reasonable safe from security bugs, one should never run the mysqld server as root! We mainly recommend people running 3.23.34 or above to upgrade to this version. 3.23.33 should be good enough for most usage (except if you want to test out BDB or Innobase). The other things fixed are only many minor things. We have in this release also done a couple of minor changes to make it possible to include the Gemini table handler without affecting any of the main MySQL code. This is just to make it possible for people to soon start play with Gemini without having to start using the 4.0 repository. Changes in release 3.23.36 -------------------------- * Fixed that one can't use database names with `.'. This fixes a serious security issue when `mysqld' is run as root. * Fixed bug when thread creation failed (could happen when doing a LOT of connections in a short time). * Don't free the key cache on `FLUSH TABLES' as this will cause problems with temporary tables. * Fixed problem in Innobase with with other character sets than latin1 and another problem when using many columns. * Fixed a core-dump bug when using very complex query involving `DISTINCT' and summary functions. * Added `SET TRANSACTION ISOLATION LEVEL ...' * Added `SELECT ... FOR UPDATE'. * Fixed bug where affected rows where not returned when `MySQL' was compiled without transaction support. * Fixed a bug in `UPDATE' where keys weren't always used to find the rows to be updated. * Fixed a bug in `CONCAT_WS()' where it returned wrong results. * Changed `CREATE ... INSERT' and `INSERT ... SELECT' to not allow concurrent inserts as this could make the binary log hard to repeat. (Concurrent inserts are enabled if you are not using the binary or update log). * Changed some macros to be able to use fast mutex with glibc 2.2. As always; Please don't mail us if you can't find the release on the download page right away; It will take a short time until our mirrors are up to date! Regards, Monty --------------------------------------------------------------------- To request this thread, e-mail announce-thread91@lists.mysql.com To unsubscribe, e-mail the address shown in the List-Unsubscribe header of this message. For additional commands, e-mail: announce-help@lists.mysql.com (6280338) /Jonas Eriksson <je@SEKURE.NET>/----------