Debian Bug report logs - #744910
mysql-5.5: Oracle SPU April 2014
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 16 Apr 2014 07:12:07 UTC
Severity: grave
Tags: security
Fixed in versions 5.5.37-0+wheezy1, mysql-5.5/5.5.37-1
Done: James Page <jamespage@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#744910; Package mysql-5.5. (Wed, 16 Apr 2014 07:12:12 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 16 Apr 2014 07:12:12 GMT)
Message #5 received at submit@bugs.debian.org:
Package: mysql-5.5
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#744910; Package mysql-5.5. (Wed, 16 Apr 2014 20:30:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 16 Apr 2014 20:30:04 GMT)
Message #10 received at 744910@bugs.debian.org:
Control: clone 744910 -1
Control: reassign -1 src:mysql-5.6
Control: retitle -1 mysql-5.6: Oracle SPU April 2014
On Wed, Apr 16, 2014 at 08:58:48AM +0200, Moritz Muehlenhoff wrote:
> Package: mysql-5.5
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> please see http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Cloning and reassigning this also to the src:mysql-5.6 source package
as some of the CVEs also affect explicitly mysql-5.6.
Regards,
Salvatore
Bug 744910 cloned as bug 744970. Request was from Salvatore Bonaccorso <carnil@debian.org> to 744910-submit@bugs.debian.org. (Wed, 16 Apr 2014 20:30:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#744910; Package mysql-5.5. (Sun, 20 Apr 2014 14:57:09 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sun, 20 Apr 2014 14:57:09 GMT)
Message #17 received at 744910@bugs.debian.org:
Control: clone 744910 -1
Control: reassign -1 src:mariadb-5.5
Control: retitle -1 Corresponding MariaDB CVEs for Oracle SPU April 2014
On Wed, Apr 16, 2014 at 08:58:48AM +0200, Moritz Muehlenhoff wrote:
> Package: mysql-5.5
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> please see http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Cloning also for mariadb-5.5 source package. See also [1].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1088234
Regards,
Salvatore
Bug 744910 cloned as bug 745330. Request was from Salvatore Bonaccorso <carnil@debian.org> to 744910-submit@bugs.debian.org. (Sun, 20 Apr 2014 14:57:10 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>: Bug#744910; Package mysql-5.5. (Sun, 20 Apr 2014 15:39:04 GMT)
Acknowledgement sent to Otto Kekäläinen <otto@seravo.fi>: Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sun, 20 Apr 2014 15:39:04 GMT)
Message #24 received at 744910@bugs.debian.org:
MariaDB 5.5.37 has been in upload ready since Friday, but my sponsor
isn't available right now and I don't have upload permissions.
All builds and test suites pass as seen in logs at
http://buildbot.askmonty.org/buildbot/builders/debpkg-sid
http://buildbot.askmonty.org/buildbot/builders/debpkg-trusty
https://launchpad.net/~mysql-ubuntu/+archive/mariadb/+builds?build_text=&build_state=all
For my part security team is free to pull from
git.debian.org/pkg-mysql/mariadb-5.5.git and upload.
--
Check out our blog at http://seravo.fi/blog
and follow @ottokekalainen
Reply sent to James Page <jamespage@debian.org>: You have taken responsibility. (Thu, 24 Apr 2014 21:46:19 GMT)
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>: Bug acknowledged by developer. (Thu, 24 Apr 2014 21:46:19 GMT)
Message #29 received at 744910-close@bugs.debian.org:
Source: mysql-5.5
Source-Version: 5.5.37-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 744910@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Page <jamespage@debian.org> (supplier of updated mysql-5.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 24 Apr 2014 18:03:59 +0100
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.37-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: James Page <jamespage@debian.org>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient18 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
libmysqld-pic - PIC version of MySQL embedded server development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.5 - MySQL database client binaries
mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.5 - MySQL database server binaries and system database setup
mysql-server-core-5.5 - MySQL database server binaries
mysql-source-5.5 - MySQL source
mysql-testsuite - MySQL testsuite
mysql-testsuite-5.5 - MySQL testsuite
Closes: 736087 737596 739846 744910
Changes:
 mysql-5.5 (5.5.37-1) unstable; urgency=medium
 .
   * SECURITY UPDATE: Update to 5.5.37 to fix security issues (Closes: #744910)
     - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
     - CVE-2014-0001 (Closes: #737596).
     - CVE-2014-0384
     - CVE-2014-2419
     - CVE-2014-2430
     - CVE-2014-2431
     - CVE-2014-2432
     - CVE-2014-2436
     - CVE-2014-2438
     - CVE-2014-2440
   * d/mysql-server-5.5.mysql.init: Fixup indentation on previous change
     (Closes: #739846).
   * d/rules: Always install apparmor profile, not just on Ubuntu
     (Closes: #736087).
   * d/control: Update for use of virtual-* packages for switching to/from
     MySQL alternatives.
   * d/watch,repack.*: Drop repackaging as upstream tarball is now DFSG
     compliant.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Marked as fixed in versions 5.5.37-0+wheezy1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 03 May 2014 08:09:09 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 Jul 2014 07:25:52 GMT)
Last modified: Wed Jun 19 18:39:37 2019