From owner-svn-ports-all@freebsd.org Thu Jan 21 13:18:50 2021 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 952564F504A; Thu, 21 Jan 2021 13:18:50 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DM2yy3l5lz3tH8; Thu, 21 Jan 2021 13:18:50 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 72F124869; Thu, 21 Jan 2021 13:18:50 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 10LDIoG7057293; Thu, 21 Jan 2021 13:18:50 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 10LDIoap057289; Thu, 21 Jan 2021 13:18:50 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <202101211318.10LDIoap057289@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Thu, 21 Jan 2021 13:18:50 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r562203 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: bapt X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 562203 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jan 2021 13:18:50 -0000 Author: bapt Date: Thu Jan 21 13:18:49 2021 New Revision: 562203 URL: https://svnweb.freebsd.org/changeset/ports/562203 Log: Split vuln.xml file [1/2] The vuln.xml file has grown a lot since 2003. To avoid having to unlock the svn size limitation, the file is now split into 1 file per year up to the current year + previous one. The split is made based on the date when the entry has been added. In order to achieve the split without breaking any consumer we use a standard XML mechanism via the definition of entities. While here add a new target make vuln-flat.xml which will expand the entities in order to be able to regenerate a one uniq file if needed. This useful to for example allow to test with pkg audit directly given the XML parser used in pkg does not support custom entities. The vuxml web site generator has been modified to ensure the vuln.xml file it provides is the expanded version, so for consumers it is still only one single file to download. Added: head/security/vuxml/vuln-2003.xml (contents, props changed) head/security/vuxml/vuln-2004.xml (contents, props changed) head/security/vuxml/vuln-2005.xml (contents, props changed) head/security/vuxml/vuln-2006.xml (contents, props changed) head/security/vuxml/vuln-2007.xml (contents, props changed) head/security/vuxml/vuln-2008.xml (contents, props changed) head/security/vuxml/vuln-2009.xml (contents, props changed) head/security/vuxml/vuln-2010.xml (contents, props changed) head/security/vuxml/vuln-2011.xml (contents, props changed) head/security/vuxml/vuln-2012.xml (contents, props changed) head/security/vuxml/vuln-2013.xml (contents, props changed) head/security/vuxml/vuln-2014.xml (contents, props changed) head/security/vuxml/vuln-2015.xml (contents, props changed) head/security/vuxml/vuln-2016.xml (contents, props changed) head/security/vuxml/vuln-2017.xml (contents, props changed) head/security/vuxml/vuln-2018.xml (contents, props changed) head/security/vuxml/vuln-2019.xml (contents, props changed) Modified: head/security/vuxml/Makefile Modified: head/security/vuxml/Makefile ============================================================================== --- head/security/vuxml/Makefile Thu Jan 21 13:16:29 2021 (r562202) +++ head/security/vuxml/Makefile Thu Jan 21 13:18:49 2021 (r562203) @@ -50,6 +50,9 @@ do-test: @${CP} ${.CURDIR}/vuln.xml ${WRKDIR}/test @cd ${.CURDIR} && make validate PKGDIR=${WRKDIR}/test +vuln-flat.xml: vuln.xml + xmllint -noent ${.ALLSRC} > ${.TARGET} + validate: tidy @${SH} ${FILESDIR}/validate.sh "${VUXML_FILE}" @${ECHO_MSG} Checking if tidy differs... Added: head/security/vuxml/vuln-2003.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vuxml/vuln-2003.xml Thu Jan 21 13:18:49 2021 (r562203) @@ -0,0 +1,282 @@ + + + + ElGamal sign+encrypt keys created by GnuPG can be compromised + + + gnupg + 1.0.21.2.3_4 + + + + +

Any ElGamal sign+encrypt keys created by GnuPG contain a + cryptographic weakness that may allow someone to obtain + the private key. These keys should be considered + unusable and should be revoked.

+

The following summary was written by Werner Koch, GnuPG + author:

+
+

Phong Nguyen identified a severe bug in the way GnuPG + creates and uses ElGamal keys for signing. This is + a significant security failure which can lead to a + compromise of almost all ElGamal keys used for signing. + Note that this is a real world vulnerability which will + reveal your private key within a few seconds.

+

...

+

Please take immediate action and revoke your ElGamal + signing keys. Furthermore you should take whatever + measures necessary to limit the damage done for signed or + encrypted documents using that key.

+

Note that the standard keys as generated by GnuPG (DSA + and ElGamal encryption) as well as RSA keys are NOT + vulnerable. Note also that ElGamal signing keys cannot + be generated without the use of a special flag to enable + hidden options and even then overriding a warning message + about this key type. See below for details on how to + identify vulnerable keys.

+
+ +
+ + CVE-2003-0971 + http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html + + + 2003-11-27 + 2003-12-12 + +
+ + + bind8 negative cache poison attack + + + bind + 8.38.3.7 + 8.48.4.3 + + + FreeBSD + 5.15.1_11 + 5.05.0_19 + 4.94.9_1 + 4.84.8_14 + 4.74.7_24 + 4.64.6.2_27 + 4.54.5_37 + 4.4_47 + + + + +

A programming error in BIND 8 named can result in a DNS + message being incorrectly cached as a negative response. As + a result, an attacker may arrange for malicious DNS messages + to be delivered to a target name server, and cause that name + server to cache a negative response for some target domain + name. The name server would thereafter respond negatively + to legitimate queries for that domain name, resulting in a + denial-of-service for applications that require DNS.

+ +
+ + CVE-2003-0914 + SA-03:19.bind + 734644 + + + 2003-11-28 + 2003-12-12 + 2004-05-05 + +
+ + + Mathopd buffer overflow + + + mathopd + 1.4p2 + + + + +

Mathopd contains a buffer overflow in the prepare_reply() + function that may be remotely exploitable.

+ +
+ + http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html + + + 2003-12-04 + 2003-12-12 + +
+ + + lftp HTML parsing vulnerability + + + lftp + 2.6.10 + + + + +

A buffer overflow exists in lftp which may be triggered when + requesting a directory listing from a malicious server over + HTTP.

+ +
+ + CVE-2003-0963 + http://lftp.yar.ru/news.html#2.6.10 + + + 2003-12-11 + 2003-12-12 + +
+ + + qpopper format string vulnerability + + + qpopper + 2.53_1 + + + + +

An authenticated user may trigger a format string + vulnerability present in qpopper's UIDL code, resulting + in arbitrary code execution with group ID `mail' + privileges.

+ +
+ + 1241 + CVE-2000-0442 + http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt + + + 2000-05-23 + 2003-12-12 + +
+ + + fetchmail -- address parsing vulnerability + + + fetchmail + 6.2.0 + + + + +

Fetchmail can be crashed by a malicious email message.

+ +
+ + http://security.e-matters.de/advisories/052002.html + + + 2003-10-25 + 2003-10-25 + 2012-09-04 + +
+ + + Buffer overflow in pam_smb password handling + + + pam_smb + 1.9.9_3 + + + + +

Applications utilizing pam_smb can be compromised by + any user who can enter a password. In many cases, + this is a remote root compromise.

+ +
+ + http://www.skynet.ie/~airlied/pam_smb/ + CVE-2003-0686 + + + 2003-10-25 + 2003-10-25 + 2003-10-25 + +
+ + + Buffer overflows in libmcrypt + + + libmcrypt + 2.5.6 + + + + +

libmcrypt does incomplete input validation, leading to + several buffer overflows. Additionally, + a memory leak is present. Both of these problems may be + exploited in a denial-of-service attack.

+ +
+ + http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2 + CVE-2003-0031 + CVE-2003-0032 + + + 2003-10-25 + 2003-10-25 + 2003-10-25 + +
+ + + + + + + + Added: head/security/vuxml/vuln-2004.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vuxml/vuln-2004.xml Thu Jan 21 13:18:49 2021 (r562203) @@ -0,0 +1,10144 @@ + + + + a2ps -- insecure temporary file creation + + + a2ps-a4 + a2ps-letter + a2ps-letterdj + 4.13b_3 + + + + +

A Secunia Security Advisory reports that Javier + Fernández-Sanguino Peña has found temporary file + creation vulnerabilities in the fixps and psmandup scripts + which are part of a2ps. These vulnerabilities could lead to + an attacker overwriting arbitrary files with the credentials + of the user running the vulnerable scripts.

+ +
+ + CVE-2004-1377 + 12108 + 12109 + http://secunia.com/advisories/13641/ + + + 2004-12-27 + 2004-12-30 + 2005-01-19 + +
+ + + libxine -- buffer-overflow vulnerability in aiff support + + + libxine + 1.0.r5_3 + + + + +

Due to a buffer overflow in the open_aiff_file function in + demux_aiff.c, a remote attacker is able to execute arbitrary + code via a modified AIFF file.

+
+ + CVE-2004-1300 + http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt + http://xinehq.de/index.php/security/XSA-2004-7 + + + 2004-12-15 + 2004-12-29 + 2005-01-12 + +
+ + + jabberd -- denial-of-service vulnerability + + + jabber + 1.4.3.1 + + + + +

José Antonio Calvo discovered a bug in the Jabber 1.x server. + According to Matthias Wimmer:

+
+

Without this patch, it is possible to remotly crash + jabberd14, if there is access to one of the following types + of network sockets:

+
    +
  • Socket accepting client connections
  • +
  • Socket accepting connections from other servers
  • +
  • Socket connecting to an other Jabber server
  • +
  • Socket accepting connections from server components
  • +
  • Socket connecting to server components
  • +
+

This is any socket on which the jabberd server parses + XML!

+

The problem existed in the included expat XML parser code. + This patch removes the included expat code from jabberd14 + and links jabberd against an installed version of expat.

+
+ +
+ + CVE-2004-1378 + http://devel.amessage.info/jabberd14/README.html + http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html + + + 2004-09-19 + 2004-12-26 + 2005-01-19 + +
+ + + squid -- confusing results on empty acl declarations + + + squid + 2.5.7_5 + + + + +

Applying an empty ACL list results in unexpected behavior: + anything will match an empty ACL list. For example,

+
+

The meaning of the configuration gets very confusing when + we encounter empty ACLs such as

+

acl something src "/path/to/empty_file.txt"
+ http_access allow something somewhere

+

gets parsed (with warnings) as

+

http_access allow somewhere

+

And similarily if you are using proxy_auth acls without + having any auth schemes defined.

+
+ +
+ + CVE-2005-0194 + http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls + http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 + + + 2004-12-21 + 2004-12-23 + 2005-02-08 + +
+ + + ethereal -- multiple vulnerabilities + + + ethereal + ethereal-lite + tethereal + tethereal-lite + 0.10.8 + + + + +

An Ethreal Security Advisories reports:

+
+

Issues have been discovered in the following protocol + dissectors:

+
    +
  • Matthew Bing discovered a bug in DICOM dissection that + could make Ethereal crash.
  • +
  • An invalid RTP timestamp could make Ethereal hang and + create a large temporary file, possibly filling + available disk space.
  • +
  • The HTTP dissector could access previously-freed + memory, causing a crash.
  • +
  • Brian Caswell discovered that an improperly formatted + SMB packet could make Ethereal hang, maximizing CPU + utilization.
  • +
+

Impact: It may be possible to make Ethereal crash or run + arbitrary code by injecting a purposefully malformed + packet onto the wire or by convincing someone to read a + malformed packet trace file.

+
+ +
+ + CVE-2004-1139 + CVE-2004-1140 + CVE-2004-1141 + CVE-2004-1142 + http://www.ethereal.com/appnotes/enpa-sa-00016.html + + + 2004-12-14 + 2004-12-23 + +
+ + + xpdf -- buffer overflow vulnerability + + + xpdf + 3.00_5 + + + kdegraphics + 3.3.2_1 + + + gpdf + 2.8.1 + + + teTeX-base + 2.0.2_6 + + + cups-base + 1.1.22.0 + + + koffice + 1.3.5,1 + + + pdftohtml + 0.36_1 + + + + +

An iDEFENSE Security Advisory reports:

+
+

Remote exploitation of a buffer overflow vulnerability in + the xpdf PDF viewer, as included in multiple Linux + distributions, could allow attackers to execute arbitrary + code as the user viewing a PDF file. The offending code + can be found in the Gfx::doImage() function in the source + file xpdf/Gfx.cc.

+
+ +
+ + CVE-2004-1125 + http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities + + + 2004-11-23 + 2004-12-23 + 2005-01-13 + +
+ + + acroread5 -- mailListIsPdf() buffer overflow vulnerability + + + acroread + acroread4 + acroread5 + 5.10 + + + + +

An iDEFENSE Security Advisory reports:

+
+

Remote exploitation of a buffer overflow in version 5.09 + of Adobe Acrobat Reader for Unix could allow for execution + of arbitrary code.

+

The vulnerability specifically exists in a the function + mailListIsPdf(). This function checks if the input file + is an email message containing a PDF. It unsafely copies + user supplied data using strcat into a fixed sized + buffer.

+
+ +
+ + CVE-2004-1152 + 253024 + http://www.adobe.com/support/techdocs/331153.html + http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities + + + 2004-10-14 + 2004-12-21 + 2005-01-06 + +
+ + + ecartis -- unauthorised access to admin interface + + + ecartis + 1.0.0.s20031228_2,1 + + + + +

A Debian security advisory reports:

+
+

A problem has been discovered in ecartis, a mailing-list + manager, which allows an attacker in the same domain as + the list admin to gain administrator privileges and alter + list settings.

+
+ +
+ + CVE-2004-0913 + http://www.debian.org/security/2004/dsa-572 + http://secunia.com/advisories/12918/ + + + 2004-10-12 + 2004-12-21 + +
+ + + mplayer -- multiple vulnerabilities + + + mplayer + mplayer-gtk + mplayer-gtk2 + mplayer-esound + mplayer-gtk-esound + mplayer-gtk2-esound + 0.99.5_5 + + + libxine + 1.0.r5_3 + + + + +

iDEFENSE and the MPlayer Team have found multiple + vulnerabilities in MPlayer:

+
    +
  • Potential heap overflow in Real RTSP streaming code
  • +
  • Potential stack overflow in MMST streaming code
  • +
  • Multiple buffer overflows in BMP demuxer
  • +
  • Potential heap overflow in pnm streaming code
  • +
  • Potential buffer overflow in mp3lib
  • +
+

These vulnerabilities could allow a remote attacker to + execute arbitrary code as the user running MPlayer. The + problem in the pnm streaming code also affects xine.

+ +
+ + CVE-2004-1187 + CVE-2004-1188 + http://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2 + http://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300 + http://www.idefense.com/application/poi/display?id=166 + http://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443 + http://www.idefense.com/application/poi/display?id=167 + http://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345 + http://www.idefense.com/application/poi/display?id=168 + http://xinehq.de/index.php/security/XSA-2004-6 + + + 2004-12-10 + 2004-12-21 + 2005-01-12 + +
+ + + krb5 -- heap buffer overflow vulnerability in libkadm5srv + + + krb5 + krb5-beta + 1.3.6 + + + + +

A MIT krb5 Security Advisory reports:

+
+

The MIT Kerberos 5 administration library (libkadm5srv) + contains a heap buffer overflow in password history + handling code which could be exploited to execute + arbitrary code on a Key Distribution Center (KDC) + host. The overflow occurs during a password change of a + principal with a certain password history state. An + administrator must have performed a certain password + policy change in order to create the vulnerable state.

+

An authenticated user, not necessarily one with + administrative privileges, could execute arbitrary code on + the KDC host, compromising an entire Kerberos realm.

+
+ +
+ + CVE-2004-1189 + http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt + + + 2004-12-06 + 2004-12-21 + +
+ + + samba -- integer overflow vulnerability + + + samba + 3.0.10 + *,13.0.10,1 + + + ja-samba + 2.2.12.j1.0beta1_2 + 3.*3.0.10 + 3.*,13.0.10,1 + + + + +

Greg MacManus, iDEFENSE Labs reports:

+
+

Remote exploitation of an integer overflow vulnerability + in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, + and Samba 3.0.x prior to and including 3.0.9 could allow + an attacker to cause controllable heap corruption, leading + to execution of arbitrary commands with root + privileges.

+

Successful remote exploitation allows an attacker to gain + root privileges on a vulnerable system. In order to + exploit this vulnerability an attacker must possess + credentials that allow access to a share on the Samba + server. Unsuccessful exploitation attempts will cause the + process serving the request to crash with signal 11, and + may leave evidence of an attack in logs.

+
+ +
+ + CVE-2004-1154 + http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities + http://www.samba.org/samba/security/CAN-2004-1154.html + + + 2004-12-02 + 2004-12-21 + 2008-09-26 + +
+ + + php -- multiple vulnerabilities + + + mod_php4-twig + php4-cgi + php4-cli + php4-dtc + php4-horde + php4-nms + php4 + 4.3.10 + + + mod_php + mod_php4 + 44.3.10,1 + + + php5 + php5-cgi + php5-cli + 5.0.3 + + + mod_php5 + 5.0.3,1 + + + + +

Secunia reports:

+
+

Multiple vulnerabilities have been reported in PHP, + which can be exploited to gain escalated privileges, + bypass certain security restrictions, gain knowledge + of sensitive information, or compromise a vulnerable + system.

+
+ +
+ + http://secunia.com/advisories/13481/ + CVE-2004-1019 + CVE-2004-1065 + http://www.php.net/release_4_3_10.php + http://www.hardened-php.net/advisories/012004.txt + + + 2004-12-16 + 2004-12-17 + 2004-12-18 + +
+ + + mysql -- GRANT access restriction problem + + + mysql-server + 3.23.58_3 + 4.*4.0.21 + + + + +

When a user is granted access to a database with a name containing + an underscore and the underscore is not escaped then that user might + also be able to access other, similarly named, databases on the + affected system.

+

The problem is that the underscore is seen as a wildcard by MySQL + and therefore it is possible that an admin might accidently GRANT a + user access to multiple databases.

+ +
+ + CVE-2004-0957 + 11435 + http://bugs.mysql.com/bug.php?id=3933 + http://rhn.redhat.com/errata/RHSA-2004-611.html + http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html + + + 2004-03-29 + 2004-12-16 + 2005-03-15 + +
+ + + mysql -- ALTER MERGE denial of service vulnerability + + + mysql-server + 3.23.58_3 + 4.*4.0.21 + 4.1.*4.1.1 + + + + +

Dean Ellis reported a denial of service vulnerability in the MySQL + server:

+
+

Multiple threads ALTERing the same (or different) MERGE tables to + change the UNION eventually crash the server or hang the individual + threads.

+
+

Note that a script demonstrating the problem is included in the + MySQL bug report. Attackers that have control of a MySQL account can + easily use a modified version of that script during an attack.

+ +
+ + CVE-2004-0837 + 11357 + http://bugs.mysql.com/bug.php?id=2408 + http://rhn.redhat.com/errata/RHSA-2004-611.html + + + 2004-01-15 + 2004-12-16 + 2005-03-15 + +
+ + + mysql -- FTS request denial of service vulnerability + + + mysql-server + 4.*4.0.21 + + + + +

A special crafted MySQL FTS request can cause the server to crash. + Malicious MySQL users can abuse this bug in a denial of service + attack against systems running an affected MySQL daemon.

+

Note that because this bug is related to the parsing of requests, + it may happen that this bug is triggered accidently by a user when he + or she makes a typo.

+ +
+ + http://bugs.mysql.com/bug.php?id=3870 + CVE-2004-0956 + 11432 + + + 2004-03-23 + 2004-12-16 + +
+ + + mysql -- mysql_real_connect buffer overflow vulnerability + + + mysql-server + 3.23.58_3 + 4.*4.0.21 + + + mysql-client + 3.23.58_3 + 4.*4.0.21 + + + + +

The mysql_real_connect function doesn't properly handle DNS replies + by copying the IP address into a buffer without any length checking. + A specially crafted DNS reply may therefore be used to cause a buffer + overflow on affected systems.

+

Note that whether this issue can be exploitable depends on the + system library responsible for the gethostbyname function. The bug + finder, Lukasz Wojtow, explaines this with the following words:

+
+

In glibc there is a limitation for an IP address to have only 4 + bytes (obviously), but generally speaking the length of the address + comes with a response for dns query (i know it sounds funny but + read rfc1035 if you don't believe). This bug can occur on libraries + where gethostbyname function takes length from dns's response

+
+ +
+ + CVE-2004-0836 + 10981 + http://bugs.mysql.com/bug.php?id=4017 + http://lists.mysql.com/internals/14726 + http://rhn.redhat.com/errata/RHSA-2004-611.html + http://www.osvdb.org/displayvuln.php?osvdb_id=10658 + + + 2004-06-04 + 2004-12-16 + 2005-03-15 + +
+ + + mysql -- erroneous access restrictions applied to table renames + + + mysql-server + 3.23.58_3 + 4.*4.0.21 + + + + +

A Red Hat advisory reports:

+
+

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked + the CREATE/INSERT rights of the old table instead of the new + one.

+
+

Table access restrictions, on the affected MySQL servers, may + accidently or intentially be bypassed due to this bug.

+ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***