Debian Bug report logs - #670636
Multiple security issues in April security release
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Fri, 27 Apr 2012 13:45:01 UTC
Severity: grave
Tags: pending, security
Fixed in versions mysql-5.1/5.1.62-1, 5.1.63-0+squeeze1
Done: Clint Byrum <clint@ubuntu.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#670636; Package mysql-5.1. (Fri, 27 Apr 2012 13:45:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 27 Apr 2012 13:45:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: mysql-5.1
Severity: grave
Tags: security
Multiple - and yet again unspecified :-/ - security issues have been fixed in the April
Oracle security release:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL
Affecting 5.1 and 5.5
CVE-2012-1703 MySQL Server MySQL Protocol Server Optimizer
CVE-2012-0583 MySQL Server MySQL Protocol MyISAM
CVE-2012-1688 MySQL Server MySQL Protocol Server DML
CVE-2012-1690 MySQL Server MySQL Protocol Server Optimizer
Affecting 5.5 only:
CVE-2012-1697 MySQL Server MySQL Protocol Partition
CVE-2012-1696 MySQL Server MySQL Protocol Server Optimizer
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#670636; Package mysql-5.1. (Sat, 28 Apr 2012 14:18:02 GMT)
Acknowledgement sent to Nicholas Bamber <nicholas@periapt.co.uk>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sat, 28 Apr 2012 14:18:02 GMT)
Message #10 received at 670636@bugs.debian.org:
Moritz,
The Debian MySQL team is debating pushing mysql 5.5 into unstable
(including the latest upstream releases), transitioning the dependencies
and dropping mysql 5.1. As such you probably won't see any activity on
mysql 5.1 at all unless it becomes clear that this plan is unfeasible
for some reason.
On 27/04/12 14:39, Moritz Muehlenhoff wrote:
> Package: mysql-5.1
> Severity: grave
> Tags: security
>
> Multiple - and yet again unspecified :-/ - security issues have been fixed in the April
> Oracle security release:
>
> http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL
>
> Affecting 5.1 and 5.5
>
> CVE-2012-1703 MySQL Server MySQL Protocol Server Optimizer
> CVE-2012-0583 MySQL Server MySQL Protocol MyISAM
> CVE-2012-1688 MySQL Server MySQL Protocol Server DML
> CVE-2012-1690 MySQL Server MySQL Protocol Server Optimizer
>
> Affecting 5.5 only:
> CVE-2012-1697 MySQL Server MySQL Protocol Partition
> CVE-2012-1696 MySQL Server MySQL Protocol Server Optimizer
>
> Cheers,
> Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#670636; Package mysql-5.1. (Sat, 28 Apr 2012 14:45:09 GMT)
Acknowledgement sent to Olaf van der Spek <ml@vdspek.org>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sat, 28 Apr 2012 14:45:09 GMT)
Message #15 received at 670636@bugs.debian.org:
On Sat, Apr 28, 2012 at 4:14 PM, Nicholas Bamber <nicholas@periapt.co.uk> wrote:
> Moritz,
> The Debian MySQL team is debating pushing mysql 5.5 into unstable
> (including the latest upstream releases), transitioning the dependencies and
> dropping mysql 5.1. As such you probably won't see any activity on mysql
> 5.1 at all unless it becomes clear that this plan is unfeasible for some
> reason.
What's the cost of doing a new 5.1 release? Shouldn't be much trouble
(I assume).
Olaf
Added tag(s) pending. Request was from Clint Byrum <spamaps-guest@alioth.debian.org> to control@bugs.debian.org. (Tue, 01 May 2012 18:09:04 GMT)
Reply sent to Clint Byrum <clint@ubuntu.com>: You have taken responsibility. (Thu, 03 May 2012 15:51:11 GMT)
Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug acknowledged by developer. (Thu, 03 May 2012 15:51:11 GMT)
Message #22 received at 670636-close@bugs.debian.org:
Source: mysql-5.1
Source-Version: 5.1.62-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.1, which is due to be installed in the Debian FTP archive:
libmysqlclient-dev_5.1.62-1_i386.deb
to main/m/mysql-5.1/libmysqlclient-dev_5.1.62-1_i386.deb
libmysqlclient16_5.1.62-1_i386.deb
to main/m/mysql-5.1/libmysqlclient16_5.1.62-1_i386.deb
libmysqld-dev_5.1.62-1_i386.deb
to main/m/mysql-5.1/libmysqld-dev_5.1.62-1_i386.deb
libmysqld-pic_5.1.62-1_i386.deb
to main/m/mysql-5.1/libmysqld-pic_5.1.62-1_i386.deb
mysql-5.1_5.1.62-1.diff.gz
to main/m/mysql-5.1/mysql-5.1_5.1.62-1.diff.gz
mysql-5.1_5.1.62-1.dsc
to main/m/mysql-5.1/mysql-5.1_5.1.62-1.dsc
mysql-5.1_5.1.62.orig.tar.gz
to main/m/mysql-5.1/mysql-5.1_5.1.62.orig.tar.gz
mysql-client-5.1_5.1.62-1_i386.deb
to main/m/mysql-5.1/mysql-client-5.1_5.1.62-1_i386.deb
mysql-client_5.1.62-1_all.deb
to main/m/mysql-5.1/mysql-client_5.1.62-1_all.deb
mysql-common_5.1.62-1_all.deb
to main/m/mysql-5.1/mysql-common_5.1.62-1_all.deb
mysql-server-5.1_5.1.62-1_i386.deb
to main/m/mysql-5.1/mysql-server-5.1_5.1.62-1_i386.deb
mysql-server-core-5.1_5.1.62-1_i386.deb
to main/m/mysql-5.1/mysql-server-core-5.1_5.1.62-1_i386.deb
mysql-server_5.1.62-1_all.deb
to main/m/mysql-5.1/mysql-server_5.1.62-1_all.deb
mysql-source-5.1_5.1.62-1_i386.deb
to main/m/mysql-5.1/mysql-source-5.1_5.1.62-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 670636@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Byrum <clint@ubuntu.com> (supplier of updated mysql-5.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Tue, 01 May 2012 15:16:23 -0700
Source: mysql-5.1
Binary: libmysqlclient16 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.1 mysql-server-core-5.1 mysql-server-5.1 mysql-server mysql-client mysql-source-5.1
Architecture: source all i386
Version: 5.1.62-1
Distribution: unstable
Urgency: low
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Clint Byrum <clint@ubuntu.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient16 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
libmysqld-pic - MySQL database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.1 - MySQL database client binaries
mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.1 - MySQL database server binaries and system database setup
mysql-server-core-5.1 - MySQL database server binaries
mysql-source-5.1 - MySQL source
Closes: 670636
Changes:
mysql-5.1 (5.1.62-1) unstable; urgency=low
.
* SECURITY UPDATE: Multiple unspecified vulnerabilities identified
  by Oracle in versions of MySQL 5.1 prior to 5.1.62: CVE-2012-1703
  CVE-2012-0583 CVE-2012-1688 CVE-2012-1690. (Closes: #670636)
* debian/watch: old mirror was empty, switching to a valid, up to date
  FTP mirror
* Building source package with svn-buildpackage, so debdiff is large due
  to removing extra .svn files.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#670636; Package mysql-5.1. (Tue, 15 May 2012 16:33:02 GMT)
Acknowledgement sent to Thomas Babut <tbabut@mobileobjects.de>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 15 May 2012 16:33:02 GMT)
Message #27 received at 670636@bugs.debian.org:
What about Debian Squeeze? Are you planning to provide fixed mysql
packages for the current stable release of Debian, too?
Thanks.
--
Mit freundlichen Gruessen / Kind regards,
Thomas Babut
Added tag(s) pending. Request was from Clint Byrum <spamaps-guest@alioth.debian.org> to control@bugs.debian.org. (Tue, 12 Jun 2012 12:51:15 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#670636; Package mysql-5.1. (Mon, 16 Jul 2012 15:03:06 GMT)
Acknowledgement sent to Arne Wichmann <aw@anhrefn.saar.de>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Mon, 16 Jul 2012 15:03:06 GMT)
Message #34 received at 670636@bugs.debian.org:
fixed 670636 5.1.63-0+squeeze1
thanks
670636 is fixed in stable-security (shouldn't it really be closed now?)
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
Marked as fixed in versions 5.1.63-0+squeeze1. Request was from Arne Wichmann <aw@anhrefn.saar.de> to control@bugs.debian.org. (Mon, 16 Jul 2012 15:03:08 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 May 2013 07:41:13 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:02:19 2019; Machine Name: buxtehude