Security Fix: For servers built with yaSSL, a preauthorization buffer overflow could cause memory corruption or a server crash. We thank Evgeny Legerov from Intevydis for providing us with a proof-of-concept script that allowed us to reproduce this bug. (Bug#50227, CVE-2009-4484)

Replication: When a session was closed on the master, temporary tables belonging to that session were logged with the wrong database names when either of the following conditions was true:

(Bug#48216)

See also Bug#46861, Bug#48297.

Specifying an index algorithm (such as BTREE) for SPATIAL or FULLTEXT indexes caused a server crash. These index types do not support algorithm specification, and it is now disallowed to do so. (Bug#49250)

Building MySQL on Fedora Core 12 64-bit failed, due to errors in comp_err. (Bug#48864)

Re-execution of a prepared statement could cause a server crash. (Bug#48508)

A bad typecast could cause query execution to allocate large amounts of memory. (Bug#48458)

A query containing a view using temporary tables and multiple tables in the FROM clause and PROCEDURE ANALYSE() caused a server crash.

As a result of this bug fix, PROCEDURE ANALYSE() is legal only in a top-level SELECT. (Bug#48293)

See also Bug#46184.

Error handling was missing for SELECT statements containing subqueries in the WHERE clause and that assigned a SELECT result to a user variable. The server could crash as a result. (Bug#48291)

An assertion could fail if the optimizer used a SPATIAL index. (Bug#48258, Bug#47019)

A combination of GROUP BY WITH ROLLUP, DISTINCT and the const join type in a query caused a server crash when the optimizer chose to employ a temporary table to resolve DISTINCT. (Bug#48131)

If the first argument to GeomFromWKB() function was a geometry value, the function just returned its value. However, it failed to preserve the argument's null_value flag, which caused an unexpected NULL value to be returned to the caller, resulting in a server crash. (Bug#47780)

In a replication scenario with innodb_locks_unsafe_for_binlog enabled on the slave, where rows were changed only on the slave (not through replication), in some rare cases, many messages of the following form were written to the slave error log: InnoDB: Error: unlock row could not find a 4 mode lock on the record. (Bug#41756)

In some cases, the server did not recognize lettercase differences between GRANT attributes such as table name or user name. For example, a user was able to perform operations on a table with privileges of another user with the same user name but in a different lettercase.

In consequence of this bug fix, the collation for the Routine_name column of the mysql.proc table is changed from utf8_bin to utf8_general_ci. (Bug#41049)

See also Bug#48872.

Use of InnoDB monitoring (SHOW ENGINE INNODB STATUS or one of the InnoDB Monitor tables) could cause a server crash due to invalid access to a shared variable in a concurrent environment. (Bug#38883)