Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Source

Debian Bug report logs - #682210
CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Package: mysql-5.5; Maintainer for mysql-5.5 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 20 Jul 2012 10:21:01 UTC

Severity: grave

Tags: security

Fixed in version 5.5.24+dfsg-1

Done: Nicholas Bamber <nicholas@periapt.co.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#682210; Package mysql-5.5. (Fri, 20 Jul 2012 10:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 20 Jul 2012 10:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: mysql-5.5
Severity: grave
Tags: security

New MySQL security round:

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

CVE-2012-1735	MySQL Server	MySQL Protocol	Server Optimizer	No	6.8	Network		Low	Single	None  None  Complete  5.5.23 and earlier   
CVE-2012-0540 	MySQL Server 	MySQL Protocol 	GIS Extension 		No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.23 and earlier   
CVE-2012-1757 	MySQL Server 	MySQL Protocol 	InnoDB 			No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.5.23 and earlier   
CVE-2012-1756 	MySQL Server 	MySQL Protocol 	Server 			No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.5.23 and earlier    
CVE-2012-1734 	MySQL Server 	MySQL Protocol 	Server Optimizer 	No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.23 and earlier   
CVE-2012-1689 	MySQL Server 	MySQL Protocol 	Server Optimizer 	No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.22 and earlier    

The advisory is confusing, I'm not sure which upstream version fixes these
issues. I'm afraid we'll have to update to a new upstream, though.

Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
release...

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#682210; Package mysql-5.5. (Fri, 20 Jul 2012 16:21:02 GMT) (full text, mbox, link).

Acknowledgement sent to Olaf van der Spek <ml@vdspek.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 20 Jul 2012 16:21:02 GMT) (full text, mbox, link).

Message #10 received at 682210@bugs.debian.org (full text, mbox, reply):

On Fri, Jul 20, 2012 at 12:17 PM, Moritz Muehlenhoff
<muehlenhoff@univention.de> wrote:
> Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
> release...

Postgres might be a better alternative.

-- 
Olaf

Marked as fixed in versions 5.5.24+dfsg-1. Request was from Clint Byrum <clint@ubuntu.com> to control@bugs.debian.org. (Fri, 20 Jul 2012 21:42:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#682210; Package mysql-5.5. (Mon, 23 Jul 2012 11:09:07 GMT) (full text, mbox, link).

Acknowledgement sent to Nicholas Bamber <nicholas@periapt.co.uk>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Mon, 23 Jul 2012 11:09:07 GMT) (full text, mbox, link).

Message #17 received at 682210@bugs.debian.org (full text, mbox, reply):

Moritz,
Do you still see any reason to keep this bug report open?

Reply sent to Nicholas Bamber <nicholas@periapt.co.uk>:
You have taken responsibility. (Thu, 26 Jul 2012 07:24:04 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Thu, 26 Jul 2012 07:24:04 GMT) (full text, mbox, link).

Message #22 received at 682210-done@bugs.debian.org (full text, mbox, reply):

No reply from security team so closing.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 31 Oct 2012 07:26:13 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:06:07 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Debian Bug report logs - #682210
CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Vulmon Search

About

Products

Connect

CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Debian Bug report logs - #682210 CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Vulmon Search

About

Products

Connect

Debian Bug report logs - #682210
CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689