#! /bin/sh /usr/share/dpatch/dpatch-run
## 91_CVE-2007-3782.dpatch by Jamie Strandboge <jamie@ubuntu.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for CVE-2007-3782
## DP: (patches to mysql-test/ removed as they didn't apply cleanly --ch)
@DPATCH@
diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_prepare.cc mysql-dfsg-5.0-5.0.38/sql/sql_prepare.cc
--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_prepare.cc 2007-03-20 15:12:48.000000000 -0400
+++ mysql-dfsg-5.0-5.0.38/sql/sql_prepare.cc 2007-10-02 11:02:20.000000000 -0400
@@ -1164,8 +1164,9 @@
goto error;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
- /* TABLE_LIST contain right privilages request */
- want_privilege= table_list->grant.want_privilege;
+ /* Force privilege re-checking for views after they are being opened. */
+ want_privilege= (table_list->view ? UPDATE_ACL :
+ table_list->grant.want_privilege);
#endif
if (mysql_prepare_update(thd, table_list, &select->where,
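Review bot: The new comment above the `want_privilege=` assignment does not say why `UPDATE_ACL` is hard-coded for views or why `table_list->grant.want_privilege` is no longer used for them. Since this line is the access-control decision the CVE fix depends on, I would spell it out, e.g. `/* For a view, request UPDATE_ACL explicitly so privileges are re-checked once the view is opened; grant.want_privilege is used for base tables only. */` (that the stored value is unreliable for views is my reading of the change, so please confirm). The same three lines are repeated in the sql_update.cc hunk, so the prepared-statement and direct UPDATE paths could drift apart later; a small shared helper taking `table_list` would keep them in step. The enclosing function starts before this hunk, and the `mysql_prepare_update(` call continues past its last line.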
diff -Nru mysql-dfsg-5.0-5.0.38.orig/sql/sql_update.cc mysql-dfsg-5.0-5.0.38/sql/sql_update.cc
--- mysql-dfsg-5.0-5.0.38.orig/sql/sql_update.cc 2007-03-20 15:12:18.000000000 -0400
+++ mysql-dfsg-5.0-5.0.38/sql/sql_update.cc 2007-10-02 11:02:20.000000000 -0400
@@ -173,8 +173,9 @@
table->quick_keys.clear_all();
#ifndef NO_EMBEDDED_ACCESS_CHECKS
- /* TABLE_LIST contain right privilages request */
- want_privilege= table_list->grant.want_privilege;
+ /* Force privilege re-checking for views after they are being opened. */
+ want_privilege= (table_list->view ? UPDATE_ACL :
+ table_list->grant.want_privilege);
#endif
if (mysql_prepare_update(thd, table_list, &conds, order_num, order))
DBUG_RETURN(1);
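Review bot: Nothing in this package exercises the new `table_list->view ? UPDATE_ACL : ...` branch, because the patch header states that the mysql-test changes were dropped when they did not apply cleanly. I would rebase the upstream test, or add a minimal one that runs an UPDATE through a view as an account without the required UPDATE privilege and expects an access-denied error. It should cover both this direct path and the prepared-statement path in sql_prepare.cc. The enclosing function starts before and ends after this hunk.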