$NetBSD: patch-ac,v 1.8.2.2 2009/07/19 20:00:53 spz Exp $

Patch for CVE-2009-2446.

--- libmysqld/sql_parse.cc.orig	2008-08-04 13:20:10.000000000 +0100
+++ libmysqld/sql_parse.cc	2009-07-19 14:07:08.000000000 +0100
@@ -2028,7 +2028,7 @@
       }
       if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
 	break;
-      mysql_log.write(thd,command,packet);
+      mysql_log.write(thd,command,"%s",packet);
       bzero(&create_info, sizeof(create_info));
       mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
                       &create_info, 0);
@@ -2053,7 +2053,7 @@
                    ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
 	break;
       }
-      mysql_log.write(thd,command,db);
+      mysql_log.write(thd,command,"%s",db);
       mysql_rm_db(thd, db, 0, 0);
       break;
     }
