For FC6 tracking +++ This bug was initially created as a clone of Bug #202247 +++ MySQL improper permission revocation If a user has been granted permissions to create a MERGE table, even after permissions have been revoked from the parent table, the user can access the data via the MERGE table. More information including a patch can be found here: http://bugs.mysql.com/bug.php?id=15195
still needed
CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675 marking as FC6Blocker