mysql-5.6: Multiple security fixes from the January 2016 CPU

Debian Bug report logs - #811443

Package: src:mysql-5.6; Maintainer for src:mysql-5.6 is (unknown);

Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>

Date: Mon, 18 Jan 2016 23:36:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mysql-5.6/5.6.27-2

Fixed in versions mysql-5.6/5.6.28-1, 5.6.35-1+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#811443; Package src:mysql-5.6. (Mon, 18 Jan 2016 23:36:05 GMT)


Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Mon, 18 Jan 2016 23:36:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
To: submit@bugs.debian.org
Subject: mysql-5.6: Multiple security fixes from the January 2016 CPU
Date: Mon, 18 Jan 2016 21:16:06 +0100
Source: mysql-5.6
Version: 5.6.27-2
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for January 2016 will be released on  
Tuesday, January 19. According to the pre-release announcement [1], it  
will contain information about CVEs fixed in MySQL 5.6.28.

The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1]  
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 12:18:03 GMT)


Acknowledgement sent to Robie Basak <robie.basak@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 12:18:04 GMT)


Message #10 received at 811443@bugs.debian.org:

From: Robie Basak <robie.basak@ubuntu.com>
To: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
Cc: 811443@bugs.debian.org, team@security.debian.org
Subject: Re: mysql-5.6: Multiple security fixes from the January 2016 CPU
Date: Tue, 19 Jan 2016 12:15:53 +0000
Question for the security team.

On Mon, Jan 18, 2016 at 09:16:06PM +0100, Norvald H. Ryeng wrote:
> Source: mysql-5.6
> Version: 5.6.27-2
> Severity: grave
> Tags: security upstream fixed-upstream

5.6.27-2 only exists in testing, and I uploaded 5.6.28-1 to unstable
recently. It hasn't landed in testing yet, but when it does this bug
will be fixed.

Is there anything we should do to accelerate this, given that it will be
a security fix?

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 20:03:13 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 20:03:13 GMT)


Message #15 received at 811443@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Robie Basak <robie.basak@ubuntu.com>
Cc: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>, 811443@bugs.debian.org, team@security.debian.org
Subject: Re: mysql-5.6: Multiple security fixes from the January 2016 CPU
Date: Tue, 19 Jan 2016 20:57:53 +0100
Hi Robie,

On Tue, Jan 19, 2016 at 12:15:53PM +0000, Robie Basak wrote:
> Question for the security team.
> 
> On Mon, Jan 18, 2016 at 09:16:06PM +0100, Norvald H. Ryeng wrote:
> > Source: mysql-5.6
> > Version: 5.6.27-2
> > Severity: grave
> > Tags: security upstream fixed-upstream
> 
> 5.6.27-2 only exists in testing, and I uploaded 5.6.28-1 to unstable
> recently. It hasn't landed in testing yet, but when it does this bug
> will be fixed.
> 
> Is there anything we should do to accelerate this, given that it will be
> a security fix?

How fast (unless some RC bug is introduced) a package migrates from
unstable to testing is controlled by the urgency set. In this case it
will now happen in three days, which is fine.

See https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#testing-unstable

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#811443; Package src:mysql-5.6. (Tue, 19 Jan 2016 21:09:09 GMT)


Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 19 Jan 2016 21:09:09 GMT)


Message #20 received at 811443@bugs.debian.org:

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
To: 811443@bugs.debian.org
Subject: Re: [debian-mysql] Bug#811443: mysql-5.6: Multiple security fixes from the January 2016 CPU
Date: Tue, 19 Jan 2016 21:59:27 +0100
The Critical Patch Update is out:  
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

The following vulnerabilities are fixed by upgrading from MySQL 5.6.27 to  
5.6.28:

CVE-2016-0505
CVE-2016-0546
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0596
CVE-2016-0503
CVE-2016-0504
CVE-2016-0607
CVE-2016-0611
CVE-2016-0595
CVE-2016-0610

Regards,

Norvald H. Ryeng



Marked as fixed in versions mysql-5.6/5.6.28-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Tue, 16 Aug 2016 15:30:04 GMT)


Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Tue, 31 Jan 2017 05:06:49 GMT)


Notification sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
Bug acknowledged by developer. (Tue, 31 Jan 2017 05:06:49 GMT)


Message #27 received at 811443-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 608938-done@bugs.debian.org,673574-done@bugs.debian.org,744988-done@bugs.debian.org,792354-done@bugs.debian.org,792662-done@bugs.debian.org,793504-done@bugs.debian.org,797422-done@bugs.debian.org,798080-done@bugs.debian.org,798259-done@bugs.debian.org,799296-done@bugs.debian.org,799790-done@bugs.debian.org,801746-done@bugs.debian.org,804920-done@bugs.debian.org,804992-done@bugs.debian.org,805828-done@bugs.debian.org,806451-done@bugs.debian.org,806813-done@bugs.debian.org,809177-done@bugs.debian.org,811443-done@bugs.debian.org,813199-done@bugs.debian.org,829289-done@bugs.debian.org,830590-done@bugs.debian.org,837166-done@bugs.debian.org,837615-done@bugs.debian.org,840644-done@bugs.debian.org,840780-done@bugs.debian.org,845649-done@bugs.debian.org,
Cc: mysql-5.6@packages.debian.org, mysql-5.6@packages.qa.debian.org
Subject: Bug#853139: Removed package(s) from unstable
Date: Tue, 31 Jan 2017 05:02:59 +0000
Version: 5.6.35-1+rm

Dear submitter,

as the package mysql-5.6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/853139

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 28 Feb 2017 07:29:44 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:39:46 2019; Machine Name: buxtehude