Well, here as well we missed an update, sorry about this I hope to keep you more up to date to stuff like this the coming period. The bug is still there so you still need to recompile !

This release includes a number of security-relevant fixes:

  • CREATE TABLE LIKE did not require any privileges on the source table and was not isolated from alteration by other connections. (Bugs #25578 and #23667)
  • It is no longer possible to use a view to gain update privileges for tables in other databases. (Bug#27878)
  • It is no longer possible for a user to gain privileges by calling a stored routine that was declared using SQL SECURITY INVOKER. (Bug#27337)
  • The DROP privilege requirement for RENAME TABLE is now correctly enforced. (Bug#27515)
  • Malformed password packets in the connection protocol can no longer cause the server to crash. (Bug#28984)

One bug fix resulted in an incompatible change:

  • The use of an ORDER BY or DISTINCT clause with a query containing a call to the GROUP_CONCAT() function caused results from previous queries to be redisplayed in the current result. The fix for this includes replacing a BLOB value used internally for sorting with a VARCHAR; this may lead to truncation when the result of a query that uses GROUP_CONCAT() is longer than the limit for VARCHAR, which is a new restriction in MySQL 5.0.45. (Bugs #23856, #28273)

Read about all the changes here.