This update fixes one important vulnerability (CVE-2014-4274) and batches
together two other minor fixes (CVE-2013-2162, CVE-2014-0001).
- CVE-2014-4274
Insecure handling of a temporary file that could lead to execution
of arbitrary code through the creation of a mysql configuration file
pointing to an attacker-controlled plugin_dir.
- CVE-2013-2162
Insecure creation of the debian.cnf credential file. Credentials could
be stolen by a local user monitoring that file while the package gets
installed.
- CVE-2014-0001
Buffer overrun in the MySQL client when the server sends a version
string that is too big for the allocated buffer.
For Debian 6 Squeeze, these issues have been fixed in mysql-5.1 version 5.1.73-1+deb6u1