Accepting request 223755 from home:AndreasStieger:branches:server:database

Percona Toolkit 2.2.7 [bnc#864194] CVE-2014-2029 OBS-URL: https://build.opensuse.org/request/show/223755 OBS-URL: https://build.opensuse.org/package/show/server:database/percona-toolkit?expand=0&rev=31
2014-02-24 19:39:46 +00:00
parent a22bb1ef7b
commit f12948f7df
5 changed files with 89 additions and 77 deletions
--- a/percona-toolkit.changes
+++ b/percona-toolkit.changes
@@ -1,7 +1,19 @@
+-------------------------------------------------------------------
+Mon Feb 24 19:29:34 UTC 2014 - andreas.stieger@gmx.de
+
+- Percona Toolkit 2.2.7  [bnc#864194] CVE-2014-2029
+  Improves sanitisation of input and output for commands run when
+  performing a version check.
+  As this would still transmit data to an external entity without
+  prompting, the automatic version check remains disabled in this
+  package unless requested via command line or global/tool specific
+  or user configuratoin. (--version-check)
+
 -------------------------------------------------------------------
 Sun Feb 16 23:57:34 UTC 2014 - andreas.stieger@gmx.de

- disable automatic version check for all tools  [bnc#864194]
+- disable automatic version check for all tools
+  [bnc#864194] CVE-2014-2029
  Prevents transmission of version information to an external host
  in the default configuration.
  Can be used by owner of a Percona Server (or an attacker who can