Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mysql-5.7: Security fixes from the April 2019 CPU

Related Vulnerabilities: CVE-2019-1559   CVE-2019-2566   CVE-2019-2581   CVE-2019-2592   CVE-2019-2614   CVE-2019-2627   CVE-2019-2628   CVE-2019-2632   CVE-2019-2683   CVE-2018-3123  

Source

Debian Bug report logs - #927308
mysql-5.7: Security fixes from the April 2019 CPU

version graph

Package: src:mysql-5.7; Maintainer for src:mysql-5.7 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 17 Apr 2019 19:57:02 UTC

Severity: grave

Tags: security, upstream

Found in version mysql-5.7/5.7.25-1

Fixed in version mysql-5.7/5.7.26-1

Done: Lars Tangvald <lars.tangvald@oracle.com>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#927308; Package src:mysql-5.7. (Wed, 17 Apr 2019 19:57:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 17 Apr 2019 19:57:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-5.7: Security fixes from the April 2019 CPU
Date: Wed, 17 Apr 2019 21:53:19 +0200
Source: mysql-5.7
Version: 5.7.25-1
Severity: grave
Tags: security upstream

Hi

See
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
for a list of CVEs affecting src:mysql-5.7.

Regards,
Salvatore

Reply sent to Lars Tangvald <lars.tangvald@oracle.com>:
You have taken responsibility. (Wed, 19 Jun 2019 11:09:03 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 19 Jun 2019 11:09:03 GMT) (full text, mbox, link).

Message #10 received at 927308-close@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>
To: 927308-close@bugs.debian.org
Subject: Bug#927308: fixed in mysql-5.7 5.7.26-1
Date: Wed, 19 Jun 2019 11:08:21 +0000
Source: mysql-5.7
Source-Version: 5.7.26-1

We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Jun 2019 07:59:19 +0200
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.26-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient20 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.7 - MySQL database client binaries
 mysql-client-core-5.7 - MySQL database core client binaries
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.7 - MySQL database server binaries and system database setup
 mysql-server-core-5.7 - MySQL database server binaries
 mysql-source-5.7 - MySQL source
 mysql-testsuite - MySQL regression tests
 mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 927308
Changes:
 mysql-5.7 (5.7.26-1) unstable; urgency=high (security fixes)
 .
   * Imported upstream version 5.7.26 to fix security issues:
     - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
     - CVE-2019-1559 CVE-2019-2566 CVE-2019-2581 CVE-2019-2592
     - CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2632
     - CVE-2019-2683 CVE-2018-3123
     (Closes: #927308)
   * Disable unstable test xa_prepared_binlog_off for dep8
   * d/patches: Remove fix-mysqldump-test-dates
     The issue has been resolved upstream
   * d/control: Add build-dep on pkg-config to fix FTBFS
Checksums-Sha1:
 6d8c865e5301a2d626d8582301c00d046b2de64e 3241 mysql-5.7_5.7.26-1.dsc
 d92843355a8af65d45305a888eeca4a28ba90c32 51098338 mysql-5.7_5.7.26.orig.tar.gz
 77f294a36e7ca364c24414cdbeb85ba538feb8db 156212 mysql-5.7_5.7.26-1.debian.tar.xz
Checksums-Sha256:
 b5385257f0d9e67b971289667ccbf5b8b3e7120e88e7502065f1c385a35ab1fe 3241 mysql-5.7_5.7.26-1.dsc
 effca6d3aceebc286a9fb046257330d125cc2f4def87081c286bfc4df3d974d1 51098338 mysql-5.7_5.7.26.orig.tar.gz
 208bc7455bf0048e791910208bc3f061baa8e110dc6209fe2446ad96b35a8158 156212 mysql-5.7_5.7.26-1.debian.tar.xz
Files:
 2772441b03dd79dcce625e5c1306995d 3241 database optional mysql-5.7_5.7.26-1.dsc
 0fb4db48959b0e05a7dba0bbfbb4f8ca 51098338 database optional mysql-5.7_5.7.26.orig.tar.gz
 f39686200ad6a31b5ae70d3256c8200c 156212 database optional mysql-5.7_5.7.26-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJdCg/VAAoJEOVkucJ1vdUuo3gQAI5jIgvrq1km5rOUaw6x/LA8
jNs0CKzLbQW9qxFI+4lqleANPgDF9FwqENOFKr4eNUdet5cbd2UL6fMAsJFp2eys
aXrxASNMHEUSXCWFkP5ceNDus68rRpn/mAlvhQTUSAf6q7l6aMNnrhhcxK5G2eh5
X4CUN20Iu7QUrT+Ssmy3dLScsMXbVm/tGNNg7TM+ZPH5x9af73cnJlMkEiQOxxQ/
XUEJFN5SrEV008ntK3Tz3W5ILV6dlkaGlB3Q22J1K5YUiJVpYlvCQvW7a5MqJPpx
aG97cFSTtg3VWu83xpnWWABuoV7DgzlHaDXDClYw4zbUxMsl3pyRs6ioDPVM9KZj
F3guXEVQ8qzVwcswek/++1i4/syzAkQOyI32Lxsz4rA3t7d3C5crD/FXmKCfQxSk
VAciuvCP8AtDLfS1G0zV0SQjHk2AgaB1fcH8mQzyGVqBnAaG+tPwrUpeUixPZxWw
Cp7AH7hXpd0N3qJwdVnEHiAmfZMLBkReh9L2VZEwQzvH/hRXXZi1MmBAwgPz0EvX
jJ7u0EOb+w555J13/ThAOsjLeyUDVN0N1qVFNUhICJTf4siF/2b8/LJxMfd4coe1
0mIG55/2FFCrrD/zDAWFCcaPithNgIKjAAq5BTgm/RFDCxNK9Aawj45EKPzNceMt
2RvrgrIB7TdsKAWo7B2O
=osXy
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:38:04 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started