MySQL Server 5.0.92 has been released.
am 08.02.2011 06:04:44 von Karen LangfordDear MySQL users,
MySQL Server 5.0.92, a new version of the popular Open Source Database
Management System, has been released. Please note that the active
maintenance of 5.0 has ended, and these builds are only provided
because of the fixes to security bugs as described below.
The release is now available in source and binary form for a number of
platforms from our archive download page at
http://dev.mysql.com/downloads/
Mirror service for MySQL Server 5.0 has ended. Also, support for some
platforms with very low demand has ended. Please bear in mind that
MySQL 5.0 now receives extended support only, and that all active
development is happening on MySQL 5.1, 5.5, and beyond. You will find
the MySQL Lifecycle policy here:
http://www.mysql.de/about/legal/lifecycle/
For your own best interest, we strongly recommend all current users of
MySQL 5.0 to upgrade to MySQL 5.1.
We welcome and appreciate your feedback, bug reports, bug fixes,
patches etc:
http://forge.mysql.com/wiki/Contributing
This section documents all changes and bugfixes that have been applied
since the last MySQL Server release (5.0.91).
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
If you would like to receive more fine-grained and personalized update
alerts about fixes that are relevant to the version and features you
use, please consider subscribing to MySQL Enterprise (a commercial
MySQL offering). For more details please see
http://www.mysql.com/products/enterprise/advisors.html
Changes in MySQL 5.0.92 (7 February, 2011)
Functionality added or changed:
* The time zone tables available at
http://dev.mysql.com/downloads/timezones.html have been
updated. These tables can be used on systems such as
Windows or HP-UX that do not include zoneinfo files.
(Bug#40230:http://bugs.mysql.com/bug.php?id=40230)
Bugs fixed:
* Security Fix: During evaluation of arguments to
extreme-value functions (such as LEAST() and GREATEST()),
type errors did not propagate properly, causing the
server to crash.
(Bug#55826:http://bugs.mysql.com/bug.php?id=55826,
CVE-2010-3833
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833 )
* Security Fix: The server could crash after materializing
a derived table that required a temporary table for
grouping.
(Bug#55568:http://bugs.mysql.com/bug.php?id=55568,
CVE-2010-3834
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834 )
* Security Fix: A user-variable assignment expression that
is evaluated in a logical expression context can be
precalculated in a temporary table for GROUP BY. However,
when the expression value is used after creation of the
temporary table, it was re-evaluated, not read from the
table and a server crash resulted.
(Bug#55564:http://bugs.mysql.com/bug.php?id=55564,
CVE-2010-3835
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835 )
* Security Fix: Joins involving a table with a unique SET
column could cause a server crash.
(Bug#54575:http://bugs.mysql.com/bug.php?id=54575,
CVE-2010-3677
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677 )
* Security Fix: Pre-evaluation of LIKE predicates during
view preparation could cause a server crash.
(Bug#54568:http://bugs.mysql.com/bug.php?id=54568,
CVE-2010-3836
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836 )
* Security Fix: GROUP_CONCAT() and WITH ROLLUP together
could cause a server crash.
(Bug#54476:http://bugs.mysql.com/bug.php?id=54476,
CVE-2010-3837
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837 )
* Security Fix: Queries could cause a server crash if the
GREATEST() or LEAST() function had a mixed list of
numeric and LONGBLOB arguments, and the result of such a
function was processed using an intermediate temporary
table.
(Bug#54461:http://bugs.mysql.com/bug.php?id=54461,
CVE-2010-3838
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838 )
* Security Fix: Using EXPLAIN with queries of the form
SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)
could cause a server crash.
(Bug#52711:http://bugs.mysql.com/bug.php?id=52711,
CVE-2010-3682
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682 )
* InnoDB Storage Engine: Creating or dropping a table with
1023 transactions active caused an assertion failure.
(Bug#49238:http://bugs.mysql.com/bug.php?id=49238)
* The make_binary_distribution target to make could fail on
some platforms because the lines generated were too long
for the shell.
(Bug#54590:http://bugs.mysql.com/bug.php?id=54590)
* A client could supply data in chunks to a prepared
statement parameter other than of type TEXT or BLOB using
the mysql_stmt_send_long_data() C API function (or
COM_STMT_SEND_LONG_DATA command). This led to a crash
because other data types are not valid for long data.
(Bug#54041:http://bugs.mysql.com/bug.php?id=54041)
* Builds of the embedded mysqld would fail due to a missing
element of the struct NET.
(Bug#53908:http://bugs.mysql.com/bug.php?id=53908,
Bug#53912:http://bugs.mysql.com/bug.php?id=53912)
* The definition of the MY_INIT macro in my_sys.h included
an extraneous semicolon, which could cause compilation
failure.
(Bug#53906:http://bugs.mysql.com/bug.php?id=53906)
* If the remote server for a FEDERATED table could not be
accessed, queries for the INFORMATION_SCHEMA.TABLES table
failed.
(Bug#35333:http://bugs.mysql.com/bug.php?id=35333)
* mysqld could fail during execution when using SSL.
(Bug#34236:http://bugs.mysql.com/bug.php?id=34236)
* Threads that were calculating the estimated number of
records for a range scan did not respond to the KILL
statement. That is, if a range join type is possible
(even if not selected by the optimizer as a join type of
choice and thus not shown by EXPLAIN), the query in the
statistics state (shown by the SHOW PROCESSLIST) did not
respond to the KILL statement.
(Bug#25421:http://bugs.mysql.com/bug.php?id=25421)
Thanks,
Sunanda Menon
Release Engineer, MySQL, Oracle.
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org