mysql-5.5: Multiple security fixes from the July 2015 CPU

Related Vulnerabilities: CVE-2015-4752, CVE-2015-4737, CVE-2015-2648, CVE-2015-2643, CVE-2015-2620, CVE-2015-2582

Debian Bug report logs - #792445


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 14 Jul 2015 20:18:16 UTC

Severity: grave

Tags: fixed-upstream, jessie, security, sid, stretch, upstream, wheezy

Found in version mysql-5.5/5.5.23-2

Fixed in versions mysql-5.5/5.5.44-0+deb8u1, mysql-5.5/5.5.44-0+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#792445; Package src:mysql-5.5. (Tue, 14 Jul 2015 20:18:20 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 14 Jul 2015 20:18:20 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-5.5: Multiple security fixes from the July 2015 CPU
Date: Tue, 14 Jul 2015 22:17:19 +0200
Source: mysql-5.5
Version: 5.5.23-2
Severity: grave
Tags: security upstream fixed-upstream

Hi,

As usual for this time of the year: there is a new Oracle Patch update
including updates for MySQL, see:

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL

Regards,
Salvatore



Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 20 Jul 2015 19:21:22 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 20 Jul 2015 19:21:22 GMT)


Message #10 received at 792445-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 792445-close@bugs.debian.org
Subject: Bug#792445: fixed in mysql-5.5 5.5.44-0+deb8u1
Date: Mon, 20 Jul 2015 19:17:06 +0000
Source: mysql-5.5
Source-Version: 5.5.44-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 792445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Jul 2015 17:00:27 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.44-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite - MySQL testsuite
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 792445
Changes:
 mysql-5.5 (5.5.44-0+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Imported Upstream version 5.5.44 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
     - CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620
       CVE-2015-2582
     (Closes: #792445)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 20 Jul 2015 19:51:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 20 Jul 2015 19:51:07 GMT)


Message #15 received at 792445-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 792445-close@bugs.debian.org
Subject: Bug#792445: fixed in mysql-5.5 5.5.44-0+deb7u1
Date: Mon, 20 Jul 2015 19:47:25 +0000
Source: mysql-5.5
Source-Version: 5.5.44-0+deb7u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 792445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Jul 2015 22:01:14 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.44-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 792445
Changes: 
 mysql-5.5 (5.5.44-0+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Imported Upstream version 5.5.44 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
     - CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620
       CVE-2015-2582
     (Closes: #792445)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Added tag(s) wheezy, jessie, sid, and stretch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 21 Jul 2015 15:00:03 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 04 Oct 2015 07:54:25 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:06:04 2019; Machine Name: buxtehude
