Debian Bug report logs -
#887477
mysql-5.7: Security fixes from the January 2018 CPU
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Jan 2018 06:09:04 UTC
Severity: grave
Tags: security, upstream
Found in version mysql-5.7/5.7.20-1
Fixed in version mysql-5.7/5.7.21-1
Done: Lars Tangvald <lars.tangvald@oracle.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#887477; Package src:mysql-5.7.
(Wed, 17 Jan 2018 06:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>.
(Wed, 17 Jan 2018 06:09:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Version: 5.7.20-1
Severity: grave
Tags: security upstream
Hi
See
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
for a list of CVEs affecting it and
https://security-tracker.debian.org/mysql-5.7.
Regards,
Salvatore
Reply sent
to Lars Tangvald <lars.tangvald@oracle.com>:
You have taken responsibility.
(Wed, 31 Jan 2018 13:09:09 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Wed, 31 Jan 2018 13:09:09 GMT) (full text, mbox, link).
Message #10 received at 887477-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Source-Version: 5.7.21-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 887477@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Jan 2018 08:13:12 +0100
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.21-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient20 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.7 - MySQL database client binaries
mysql-client-core-5.7 - MySQL database core client binaries
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.7 - MySQL database server binaries and system database setup
mysql-server-core-5.7 - MySQL database server binaries
mysql-source-5.7 - MySQL source
mysql-testsuite - MySQL regression tests
mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 887477
Changes:
mysql-5.7 (5.7.21-1) unstable; urgency=high (security fixes)
.
* Imported upstream version 5.7.21 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- CVE-2018-2562 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576
- CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2591
- CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640
- CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665
- CVE-2018-2667 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703
- CVE-2017-3737
(Closes: #887477)
Checksums-Sha1:
8a5ff3493435e5394daceeefce432ae8782d13e2 3252 mysql-5.7_5.7.21-1.dsc
63b07cfd33d494b223e9b4d73492d3508834abd0 48931457 mysql-5.7_5.7.21.orig.tar.gz
a576fd9f138cdc94490002721641c51b5f80a663 153668 mysql-5.7_5.7.21-1.debian.tar.xz
Checksums-Sha256:
315114fd47fab2dff9632256c582343550da50895df6633bff109abb1deca2e0 3252 mysql-5.7_5.7.21-1.dsc
ad29ecb6fb3c3571394fe231633a2d1d188d49e9eb749daa4e8799b7630daa09 48931457 mysql-5.7_5.7.21.orig.tar.gz
9a375e417dd966652b202792b6ab3695262bba32ae49fb2f430ab67405588cd3 153668 mysql-5.7_5.7.21-1.debian.tar.xz
Files:
7bbe9ef368bdffd60e1f715aeee3f2f2 3252 database optional mysql-5.7_5.7.21-1.dsc
27313ded360f39f237e99404666bc448 48931457 database optional mysql-5.7_5.7.21.orig.tar.gz
06c60390c5d24f8610389d7de24b2db2 153668 database optional mysql-5.7_5.7.21-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJacbknAAoJEOVkucJ1vdUuDX8P/iku+UgvbPmY3ErRlLJGvNTZ
kiOURRGcTqUUclzF8sHq7s3ZipazWMjuWcyuEM/OaUvLqAvSxjs5cShXTQc80l2q
htAm++gXxzlMN1wgoEjfuchpYF5nni3tCj9zEcEguyPnwgmv0+SjnmClEjsFA1MS
8lnwbf+AQKnRAPGUC7iQcT1b34MIbFbjQBCtJ3aWsO1sBsXa6qgsiw80J8GGG73/
XTCYsOMRzjM6BzgaX9EiE35MNJShi94FpTbWNaMlRdPQ12zVbq0HnXecHnTbBu5C
/NmLebb6+Yys3ryUDOibuEgxtkE58dyjZhnX1RoTMb3Dcxa3MgUP1X1tM+enj+JO
SnFZXTMfUH49CxmGNx5CJ67GWAL2xpyEQAo7In+Wt30JvrSJJJ1Q/n1EY6XU+0g/
iT9Svriisy6Pc/SCqXEm8oA6TQ8fhSdJHwavOTfkiahJyI89NBAj+5QtkdP00+G5
+yGf3dYd5Jj1yoYva0ZpeFTY1HwlQOOMAS6KGGlPmymZWtY89JzfKSUmML0MZOeM
RMmm4gBnd/KAwwbD9AzQBHfRd+uTScZHaVsIrqMzHhiCeXX88dkv0OGeA6iW20pm
/V4McZ/j36TWmuPqcbLrEFJsFRKdVsfHoVkU/ygi8BUf/LoZHLQBz4o7lxmI3HAO
Bi6ojKpHfHjeN7nMIA29
=P2hh
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 01 Mar 2018 07:28:22 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:43:28 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon