6280338 2001-03-27 21:45 +0200  /95 rader/ Jonas Eriksson <je@SEKURE.NET>
Sänt av: joel@lysator.liu.se
Importerad: 2001-03-28  05:34  av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: je@SEKURE.NET
Mottagare: Bugtraq (import) <16164>
Ärende: MySQL 3.23.36 is relased (fwd)
------------------------------------------------------------
From: Jonas Eriksson <je@SEKURE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <Pine.BSO.4.21.0103272144000.5302-100000@birdie.sekure.net>

---------- Forwarded message ----------
Date: Tue, 27 Mar 2001 19:31:26 +0300 (EEST)
From: Michael Widenius <monty@mysql.com>
To: announce@lists.mysql.com, mysql@lists.mysql.com
Subject: MySQL 3.23.36 is relased


Hi!

This release should fix the final bugs we accidently got into 3.23.34
and a long security bug that has been in MySQL a long time!

The main fixed bugs are that UPDATE didn't always use keys when
updating on something not based on a primary key and that 'affected
rows' wasn't returned to the client if the mysqld server wasn't
compiled with support for transactions.

Somehow the above bugs slipped through our ever growing test-suit :(

The security bug was that where one could do bad things by using
database names that starts with '..'.  Now we don't anymore accept
database names that contains ','.

As noted in the manual: To be reasonable safe from security bugs, one
should never run the mysqld server as root!

We mainly recommend people running 3.23.34 or above to upgrade to this
version.  3.23.33 should be good enough for most usage (except if you
want to test out BDB or Innobase).

The other things fixed are only many minor things.

We have in this release also done a couple of minor changes to make
it possible to include the Gemini table handler without affecting any
of the main MySQL code.  This is just to make it possible for
people to soon start play with Gemini without having to start
using the 4.0 repository.


Changes in release 3.23.36
--------------------------

   * Fixed that one can't use database names with `.'.  This fixes a
     serious security issue when `mysqld' is run as root.

   * Fixed bug when thread creation failed (could happen when doing a
     LOT of connections in a short time).

   * Don't free the key cache on `FLUSH TABLES' as this will cause
     problems with temporary tables.

   * Fixed problem in Innobase with with other character sets than
     latin1 and another problem when using many columns.

   * Fixed a core-dump bug when using very complex query involving
     `DISTINCT' and summary functions.

   * Added `SET TRANSACTION ISOLATION LEVEL ...'

   * Added `SELECT ... FOR UPDATE'.

   * Fixed bug where affected rows where not returned when `MySQL' was
     compiled without transaction support.

   * Fixed a bug in `UPDATE' where keys weren't always used to find the
     rows to be updated.

   * Fixed a bug in `CONCAT_WS()' where it returned wrong results.

   * Changed `CREATE ... INSERT' and `INSERT ... SELECT' to not allow
     concurrent inserts as this could make the binary log hard to
     repeat.  (Concurrent inserts are enabled if you are not using the
     binary or update log).

   * Changed some macros to be able to use fast mutex with glibc 2.2.


As always;  Please don't mail us if you can't find the release on the
download page right away;  It will take a short time until our mirrors
are up to date!

Regards,
Monty

---------------------------------------------------------------------
To request this thread, e-mail announce-thread91@lists.mysql.com
To unsubscribe, e-mail the address shown in the
List-Unsubscribe header of this message.
For additional commands, e-mail: announce-help@lists.mysql.com
(6280338) /Jonas Eriksson <je@SEKURE.NET>/----------