Mailing the story:
Mandrake alert: Updated MySQL packages fix vulnerability
In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon.