CVE-2007-6303

Priority
Description
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4
does not update the DEFINER value of a view when the view is altered, which
allows remote authenticated users to gain privileges via a sequence of
statements including a CREATE SQL SECURITY DEFINER VIEW statement and an
ALTER VIEW statement.
Notes
 jdstrand> patch from debian works on gutsy and feisty. On edgy and dapper
  the test case fails (meaning the patch is incomplete).
Assigned-to
jdstrand
Package
Upstream:released (5.0.45-5)
More Information

Updated: 2019-03-19 11:44:32 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)