Debian Bug report logs - #811443
mysql-5.6: Multiple security fixes from the January 2016 CPU
Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
Date: Mon, 18 Jan 2016 23:36:02 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in version mysql-5.6/5.6.27-2
Fixed in versions mysql-5.6/5.6.28-1, 5.6.35-1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#811443; Package src:mysql-5.6. (Mon, 18 Jan 2016 23:36:05 GMT)
Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>: New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Mon, 18 Jan 2016 23:36:05 GMT)
Message #5 received at submit@bugs.debian.org:
Source: mysql-5.6
Version: 5.6.27-2
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for January 2016 will be released on
Tuesday, January 19. According to the pre-release announcement [1], it
will contain information about CVEs fixed in MySQL 5.6.28.
The CVE numbers will be available when the CPU is released.
Regards,
Norvald H. Ryeng
[1] http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 12:18:03 GMT)
Acknowledgement sent to Robie Basak <robie.basak@ubuntu.com>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 12:18:04 GMT)
Message #10 received at 811443@bugs.debian.org:
Question for the security team.
On Mon, Jan 18, 2016 at 09:16:06PM +0100, Norvald H. Ryeng wrote:
> Source: mysql-5.6
> Version: 5.6.27-2
> Severity: grave
> Tags: security upstream fixed-upstream
5.6.27-2 only exists in testing, and I uploaded 5.6.28-1 to unstable
recently. It hasn't landed in testing yet, but when it does this bug
will be fixed.
Is there anything we should do to accelerate this, given that it will be
a security fix?
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 20:03:13 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 20:03:13 GMT)
Message #15 received at 811443@bugs.debian.org:
Hi Robie,
On Tue, Jan 19, 2016 at 12:15:53PM +0000, Robie Basak wrote:
> Question for the security team.
>
> On Mon, Jan 18, 2016 at 09:16:06PM +0100, Norvald H. Ryeng wrote:
> > Source: mysql-5.6
> > Version: 5.6.27-2
> > Severity: grave
> > Tags: security upstream fixed-upstream
>
> 5.6.27-2 only exists in testing, and I uploaded 5.6.28-1 to unstable
> recently. It hasn't landed in testing yet, but when it does this bug
> will be fixed.
>
> Is there anything we should do to accelerate this, given that it will be
> a security fix?
How fast (unless some RC bug is introduced) a package migrates from
unstable to testing is controlled by the urgency set. In this case it
will now happen in three days, which is fine.
See https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#testing-unstable
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 21:09:09 GMT)
Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 21:09:09 GMT)
Message #20 received at 811443@bugs.debian.org:
The Critical Patch Update is out:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
The following vulnerabilities are fixed by upgrading from MySQL 5.6.27 to
5.6.28:
CVE-2016-0505
CVE-2016-0546
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0596
CVE-2016-0503
CVE-2016-0504
CVE-2016-0607
CVE-2016-0611
CVE-2016-0595
CVE-2016-0610
Regards,
Norvald H. Ryeng
Marked as fixed in versions mysql-5.6/5.6.28-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Tue, 16 Aug 2016 15:30:04 GMT)
Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>: You have taken responsibility. (Tue, 31 Jan 2017 05:06:49 GMT)
Notification sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>: Bug acknowledged by developer. (Tue, 31 Jan 2017 05:06:49 GMT)
Message #27 received at 811443-done@bugs.debian.org:
Version: 5.6.35-1+rm
Dear submitter,
as the package mysql-5.6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/853139
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 28 Feb 2017 07:29:44 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:39:46 2019; Machine Name: buxtehude