* [Sysadmins] Fwd: Clarification: MySQL 3.23 and 4.0 are NOT affected by the recent multibyte SQL injection problem
@ 2006-06-09 13:34 Michael Shigorin
0 siblings, 0 replies; only message in thread
From: Michael Shigorin @ 2006-06-09 13:34 UTC (permalink / raw)
To: sysadmins
----- Forwarded message from Joerg Bruehe <joerg/mysql.com> -----
Date: Thu, 08 Jun 2006 12:02:59 +0200
From: Joerg Bruehe <joerg/mysql.com>
To: announce/lists.mysql.com
Subject: Clarification: MySQL 3.23 and 4.0 are NOT affected by the recent multibyte SQL injection problem
Cc: MySQL General List <mysql/lists.mysql.com>,
packagers/lists.mysql.com
Hi,
this is in reply to various questions that have reached us after the
recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:
The problem was a possible "SQL injection" risk, if the application sent
data using some multi-byte character sets, due to an incorrect parsing
in the server of strings generated by mysql_real_escape_string().
It had been introduced in 4.1 only, it does NOT affect any earlier
version (4.0 or 3.23).
As 3.23 and 4.0 never had this security risk, there is nothing to fix in
these releases.
We are sorry if anybody got the impression we were neglecting any such
security risk in older releases.
Enjoy!
Joerg
--
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com
--
MySQL Packagers Mailing List
For list archives: http://lists.mysql.com/packagers
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-06-09 13:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-06-09 13:34 [Sysadmins] Fwd: Clarification: MySQL 3.23 and 4.0 are NOT affected by the recent multibyte SQL injection problem Michael Shigorin
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git