author: Jacques Vidrine <nectar@FreeBSD.org> 2004-09-23 14:10:58 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2004-09-23 14:10:58 +0000
commit: e7c6d5e304dffd3bb6646efaf29716e65b3bc7b1 (patch)
tree: ae33c319b76377bfaf7b777ef69113fcf2873ac5 /security
parent: ca91a11346f402ac499894889c3eda1a3a32aebd (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9a58ba24cf92..8bd8aff710bc 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,33 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="77420ebb-0cf4-11d9-8a8a-000c41e2cdad">
+    <topic>mysql -- heap buffer overflow with prepared statements</topic>
+    <affects>
+      <package>
+	<name>mysql-server</name>
+	<name>mysql-client</name>
+	<range><ge>4.1.0</ge><le>4.1.4</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>There is a buffer overflow in the prepared statements API
+          (libmysqlclient) when a statement containing thousands of
+          placeholders is executed.</p>
+      </body>
+    </description>
+    <references>
+      <url>http://bugs.mysql.com/bug.php?id=5194</url>
+      <url>http://dev.mysql.com/doc/mysql/en/News-4.1.5.html</url>
+      <url>http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4</url>
+    </references>
+    <dates>
+      <discovery>2004-09-08</discovery>
+      <entry>2004-09-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e9f9d232-0cb2-11d9-8a8a-000c41e2cdad">
     <topic>mozilla --- security icon spoofing</topic>
     <affects>
author	Jacques Vidrine <nectar@FreeBSD.org>	2004-09-23 14:10:58 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2004-09-23 14:10:58 +0000
commit	e7c6d5e304dffd3bb6646efaf29716e65b3bc7b1 (patch)
tree	ae33c319b76377bfaf7b777ef69113fcf2873ac5 /security
parent	ca91a11346f402ac499894889c3eda1a3a32aebd (diff)