File mysql-5.0.67-CVE-2009-2446.patch of Package mysql
Index: libmysqld/sql_parse.cc
===================================================================
--- libmysqld/sql_parse.cc.orig
+++ libmysqld/sql_parse.cc
@@ -2028,7 +2028,7 @@ bool dispatch_command(enum enum_server_c
}
if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
break;
- mysql_log.write(thd,command,packet);
+ mysql_log.write(thd,command,"%s",packet);
bzero(&create_info, sizeof(create_info));
mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
&create_info, 0);
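Review bot: The create-database branch still logs the raw `packet`, while the value that passed `check_access` and is handed to `mysql_create_db` is `db` (or `alias`), so the general log can record a name that differs from the one the server acted on. The drop branch in the next hunk already logs `db`; for consistency this line could read `mysql_log.write(thd,command,"%s",db);`, assuming `db` is the validated copy of `packet` as the surrounding lines suggest. The same applies to the matching hunk in sql/sql_parse.cc (@@ -2027). The case body starts and ends outside the hunk, so how `db` is derived is not visible here.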
@@ -2053,7 +2053,7 @@ bool dispatch_command(enum enum_server_c
ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
break;
}
- mysql_log.write(thd,command,db);
+ mysql_log.write(thd,command,"%s",db);
mysql_rm_db(thd, db, 0, 0);
break;
}
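Review bot: Nothing at this call site records why the `"%s"` is there, so the four calls fixed in this patch stay correct only by convention. A one-line comment above the call, such as `/* db presumably originates from the client packet: pass it as an argument, never as the format */`, would keep a later cleanup from reverting it. It would also help to mark the declaration of the log `write` method (not shown on this page) with a printf-style format attribute, e.g. GCC's `__attribute__((format(printf, ...)))`, so that `-Wformat-security` flags any remaining or future caller that passes a non-literal format. This applies equally to the other three hunks. `dispatch_command` continues outside the hunk.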
Index: sql/sql_parse.cc
===================================================================
--- sql/sql_parse.cc.orig
+++ sql/sql_parse.cc
@@ -2027,7 +2027,7 @@ bool dispatch_command(enum enum_server_c
}
if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
break;
- mysql_log.write(thd,command,packet);
+ mysql_log.write(thd,command,"%s",packet);
bzero(&create_info, sizeof(create_info));
mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
&create_info, 0);
@@ -2052,7 +2052,7 @@ bool dispatch_command(enum enum_server_c
ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
break;
}
- mysql_log.write(thd,command,db);
+ mysql_log.write(thd,command,"%s",db);
mysql_rm_db(thd, db, 0, 0);
break;
}