Hi,

MySQL Connector/Net 1.0.10.1 a new version of the all-managed .NET
driver for MySQL has been released. This is a bug fix release for the
current production branch of Connector/Net. Version 1.0.10.1 is
suitable for use with any MySQL version including MySQL-4.1, MySQL-5.0,
MySQL-5.1 beta or the MySQL-6.0 Falcon "Preview".

It is now available in source and binary form from the Connector/Net
download pages at http://dev.mysql.com/downloads/connector/net/1.0.html
and mirror sites (note that not all mirror sites may be up to date at
this point of time - if you can't find this version on some mirror,
please try again later or choose another download site.)

We moved to a new installer technology for this release. Please let us
know what, if any, problems you have with it.

== CHANGELOG ==

--Bugs--
* Bug #24373 High CPU utilization when no idle connection
* Bug #24957 MySql.Data.Types.MySqlConversionException is not marked as
Serializable.
* Bug #25603 Critial ConnectionPool Error in Connector.Net 5.03
* Fixed problem where an attempt to open a connection max pool size
times while the server is down will prevent any further attempts due to
the pool semaphore being full. (Bug #29409)
* Fixed problem where attempting to load a reader into a datatable using
a table with a multi-column primary key would result in multiple
constraints being added to the datatable. No test case added to the 1.0
tree as loading a datatable with a reader is a .Net 2.0 thing. (bug #30204)

--Other--
* Added "Use Procedure Bodies" connection string option to allow calling
procedures without using procedure metadata (if possible).
* Reverted behavior that required parameter names to start with the
parameter marker. We apologize for this back and forth but we
mistakenly changed the behavior to not match what SqlClient supports.
We now support using either syntax for adding parameters however we also
respond exactly like SqlClient in that if you ask for the index of a
parameter using a syntax different than you added the parameter, the result
will be -1.
* Changed installer to Inno Setup

Thanks,
Reggie





--
MySQL Announce Mailing List
For list archives: http://lists.mysql.com/announce
To unsubscribe: http://lists.mysql.com/announce?unsub=yuzo@jinjin.org

Hi,

MySQL Connector/Net 5.0.8.1, a new version of the all-managed .NET
driver for MySQL, has been released. This is a re-release of 5.0.8 due
to an installer bug. With 5.0.8, the installer would on many systems
fail to start reporting an error importing one of our support
libraries. With this release, we believe this to be corrected.

It is now available in source and binary form from the Connector/Net
download pages at http://dev.mysql.com/downloads/connector/net/5.0.html
and mirror sites (note that not all mirror sites may be up to date at
this point of time - if you can't find this version on some mirror,
please try again later or choose another download site.)

For a list of changes, please refer to the change log for 5.0.8.

Thanks,
Reggie




--
MySQL Announce Mailing List
For list archives: http://lists.mysql.com/announce
To unsubscribe: http://lists.mysql.com/announce?unsub=yuzo@jinjin.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-235A

Trend Micro ServerProtect Contains Multiple Vulnerabilities

Original release date: August 23, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Trend Micro ServerProtect for Windows/Novell Netware

Overview

A number of vulnerabilities exist in the Trend Micro ServerProtect
antivirus product. These vulnerabilities could allow a remote attacker
to completely compromise an affected system.

I. Description

Multiple buffer overflow vulnerabilities and an integer overflow
vulnerability have been discovered in the RPC interfaces used by
various components in Trend Micro's ServerProtect software package.
These vulnerabilities could be exploited by a remote attacker with the
ability to supply a specially crafted RPC request to the system
running the affected software.

Further information about the vulnerabilities is available in the
Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. The attacker-supplied code would be executed with
system privileges, resulting in a complete compromise of the affected
system.

III. Solution

Apply updates from Trend Micro

Trend Micro has provided an update for these vulnerabilities in

ServerProtect 5.58 for Windows NT/2000/2003 Security Patch 4 -
Build 1185

Administrators are encouraged to review this notice and apply the
patch as soon as possible.

Restrict network access to the affected components

Until the patch can be applied, administrators may wish to block
access to the vulnerable software from outside their network
perimeters, specifically by blocking access to the ports used by the
ServerProtect service (5186/tcp) and the ServerProtect Agent service
(3628/tcp). This will limit exposure to attacks; however, attackers
within the network perimeter could still exploit the vulnerabilities.

IV. References

* US-CERT Vulnerability Notes for Trend Micro ServerProtect Security
Patch 4 -
<http://www.kb.cert.org/vuls/byid?searchview&query=spnt_558_win_en_securitypatch4>
* README for Trend Micro ServerProtect 5.58 for Windows NT/2000/2003
Security Patch 4 - Build 1185 -
<http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-235A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-235A Feedback VU#959400" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

August 23, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRs3klPRFkHkM87XOAQL7zAf+PXpaSnXpigRzucYQBATk81xcjzQXhoQx
HSGK1rJfxF6rQfyP/KpoBxMLLVvFkPbixK/Q2Cc3h5SGRzLPk6KANXIW+dJ3lMVl
q0DHKdr8MLtczp+rQv8Dzhwoi+AT1DYmlqEnW0Rb1X5vSK26y1tUNbrIPmVocpIK
DcxFVuFS7NEBIgQEopnZn4cXq59uavjuNR9QMFfekZcM1dMvxkYEG46fY9oggSdD
DPHqg9fkfTZ8ARnzy44L6PMMkRtOTIdCOCfmTj/leC8Y+HggScZ2SziV3CxKvJVZ
2dCMGMkoPlPujqQxgR1L5DAT47KVYR5QbzbVqTFsUiNYH4pJ4W5G1g==
=v2XA
-----END PGP SIGNATURE-----

The Apache UIMA[1] team is pleased to announce the immediate
availability of Apache UIMA 2.2.0-incubating[2]. UIMA is
a component framework for the the development, discovery,
composition and deployment of multi-modal analytics for
the analysis of unstructured information.

This release brings many incremental improvements, for example
in the areas of class loading and pear support. Please
see the release notes[3] for a full list of new features
and fixes in this release.

The Apache UIMA team


[1] http://incubator.apache.org/uima

[2] http://incubator.apache.org/uima/downloads.html

[3] http://incubator.apache.org/uima/downloads/releaseDocs/2.2.0-incubating/RELEASE_NOTES.html


INCUBATION DISCLAIMER

Apache UIMA is an effort undergoing incubation at The Apache Software
Foundation (ASF). Incubation is required of all newly accepted projects
until a further review indicates that the infrastructure, communications,
and decision making process have stabilized in a manner consistent with
other successful ASF projects. While incubation status is not necessarily
a reflection of the completeness or stability of the code, it does
indicate that the project has yet to be fully endorsed by the ASF.

-----BEGIN PGP SIGNED MESSAGE-----

各位
JPCERT-AT-2007-0019
JPCERT/CC
2007-08-23

<<< JPCERT/CC Alert 2007-08-23 >>>

TCP 5168番ポートへのスキャン増加に関する注意喚起

Increased activity targeting TCP port 5168

http://www.jpcert.or.jp/at/2007/at070019.txt

I. 概要

JPCERT/CC では、TCP 5168番ポートへのスキャンが 2007年8月22日より増加
していることを、インターネット定点観測システム (以下、ISDAS ) において
確認しております。これらのスキャンの原因は特定できておりませんが、先日
SecurityPatch が公開された Trend Micro 社 ServerProtect の脆弱性を狙っ
た攻撃の可能性があります。


II. 観測状況

ISDAS において観測した TCP 5168番ポートへのスキャン状況については以
下をご参照ください。

ISDAS TCP 5168番ポート指定グラフ (2007/8/22-8/23)
http://www.jpcert.or.jp/isdas/2007/20070822-0823_5168_port.png


III. 対策

TCP 5168番ポートを使用するサービスを利用している場合は、以下の対策を
ご検討ください。

1) Trend Micro ServerProtect for Windows/NetWare 5.x を利用している
場合は、「IV. 参考情報」に従い SecurityPatch の適用を実行する

2) ウイルスに感染した場合の二次被害を防ぐために、内部から外部の TCP
5168番ポート宛のパケットを制限する


IV. 参考情報

Japan Vulnerability Notes JVNVU#329735
Trend Micro ServerProtect におけるバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU%23329735/index.html

ServerProtect for Windows/NetWare 5.58 用 Security Patch 2(Build_1185)公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1002

ServerProtect for Windows/NetWare 5.58 用 Security Patch 2(Build_1185)適用のお願い
http://www.trendmicro.co.jp/support/news.asp?id=1003

Multiple Vulnerabilities in Trend Micro Products
http://www.us-cert.gov/current/archive/2007/08/22/archive.html#multiple_vulnerabilities_in_trend_micro

インターネット定点観測システム (ISDAS)
http://www.jpcert.or.jp/isdas/


今回の件につきまして当方まで提供いただける情報がございましたら、ご連
絡ください。

======================================================================
JPCERT コーディネーションセンター (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBRs1MAYx1ay4slNTtAQFXGgP/dt7QQAJhn86H2yE1hj1TJLmMNEnIgZ8T
7NP2c1Fs4qGx4ixyw2k2TBrZ4O1OFDYiYAJ2H7As943OEiwhSBjaE9v2NJU2s3Te
k/VUXDopqNx0R/eVOHdA8QAomv5imigWcjsDeCd/hxvEvm9YsRMLBf+jkDorCQNK
Dee5ocmKWao=
=x9yF
-----END PGP SIGNATURE-----