Debian Bug report logs -
#682210
CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Fri, 20 Jul 2012 10:21:01 UTC
Severity: grave
Tags: security
Fixed in version 5.5.24+dfsg-1
Done: Nicholas Bamber <nicholas@periapt.co.uk>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#682210
; Package mysql-5.5
.
(Fri, 20 Jul 2012 10:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 20 Jul 2012 10:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mysql-5.5
Severity: grave
Tags: security
New MySQL security round:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
CVE-2012-1735 MySQL Server MySQL Protocol Server Optimizer No 6.8 Network Low Single None None Complete 5.5.23 and earlier
CVE-2012-0540 MySQL Server MySQL Protocol GIS Extension No 4.0 Network Low Single None None Partial+ 5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1757 MySQL Server MySQL Protocol InnoDB No 4.0 Network Low Single None None Partial+ 5.5.23 and earlier
CVE-2012-1756 MySQL Server MySQL Protocol Server No 4.0 Network Low Single None None Partial+ 5.5.23 and earlier
CVE-2012-1734 MySQL Server MySQL Protocol Server Optimizer No 4.0 Network Low Single None None Partial+ 5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1689 MySQL Server MySQL Protocol Server Optimizer No 4.0 Network Low Single None None Partial+ 5.1.62 and earlier, 5.5.22 and earlier
The advisory is confusing, I'm not sure which upstream version fixes these
issues. I'm afraid we'll have to update to a new upstream, though.
Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
release...
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#682210
; Package mysql-5.5
.
(Fri, 20 Jul 2012 16:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Olaf van der Spek <ml@vdspek.org>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 20 Jul 2012 16:21:02 GMT) (full text, mbox, link).
Message #10 received at 682210@bugs.debian.org (full text, mbox, reply):
On Fri, Jul 20, 2012 at 12:17 PM, Moritz Muehlenhoff
<muehlenhoff@univention.de> wrote:
> Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
> release...
Postgres might be a better alternative.
--
Olaf
Marked as fixed in versions 5.5.24+dfsg-1.
Request was from Clint Byrum <clint@ubuntu.com>
to control@bugs.debian.org
.
(Fri, 20 Jul 2012 21:42:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#682210
; Package mysql-5.5
.
(Mon, 23 Jul 2012 11:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Nicholas Bamber <nicholas@periapt.co.uk>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Mon, 23 Jul 2012 11:09:07 GMT) (full text, mbox, link).
Message #17 received at 682210@bugs.debian.org (full text, mbox, reply):
Moritz,
Do you still see any reason to keep this bug report open?
Reply sent
to Nicholas Bamber <nicholas@periapt.co.uk>
:
You have taken responsibility.
(Thu, 26 Jul 2012 07:24:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>
:
Bug acknowledged by developer.
(Thu, 26 Jul 2012 07:24:04 GMT) (full text, mbox, link).
Message #22 received at 682210-done@bugs.debian.org (full text, mbox, reply):
No reply from security team so closing.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 31 Oct 2012 07:26:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:06:07 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.