CVE-2007-6303

Priority
Low
Description
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4
does not update the DEFINER value of a view when the view is altered, which
allows remote authenticated users to gain privileges via a sequence of
statements including a CREATE SQL SECURITY DEFINER VIEW statement and an
ALTER VIEW statement.
References
Bugs
Notes
 jdstrand> patch from debian works on gutsy and feisty. On edgy and dapper
  the test case fails (meaning the patch is incomplete).
Assigned-to
jdstrand
Package
Upstream:released (5.0.45-5)
More Information

Updated: 2016-03-23 03:30:09 UTC (commit 10817)