MySQL Community Server before 5.0.45 does not require privileges such as
SELECT for the source table in a CREATE TABLE LIKE statement, which allows
remote authenticated users to obtain sensitive information such as the
jdstrand> very invasive patch. Discussed one-time MicroVersionUpdate with
pitti-- too many changes to warrant the update.
jdstrand> apparently Mandriva found a patch for this going back to 5.0.24
Updated: 2015-10-17 03:28:11 UTC (commit 10086)