Debian Bug report logs -
#927308
mysql-5.7: Security fixes from the April 2019 CPU
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Apr 2019 19:57:02 UTC
Severity: grave
Tags: security, upstream
Found in version mysql-5.7/5.7.25-1
Fixed in version mysql-5.7/5.7.26-1
Done: Lars Tangvald <lars.tangvald@oracle.com>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#927308
; Package src:mysql-5.7
.
(Wed, 17 Apr 2019 19:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Wed, 17 Apr 2019 19:57:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Version: 5.7.25-1
Severity: grave
Tags: security upstream
Hi
See
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
for a list of CVEs affecting src:mysql-5.7.
Regards,
Salvatore
Reply sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
You have taken responsibility.
(Wed, 19 Jun 2019 11:09:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 19 Jun 2019 11:09:03 GMT) (full text, mbox, link).
Message #10 received at 927308-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Source-Version: 5.7.26-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Jun 2019 07:59:19 +0200
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.26-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient20 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.7 - MySQL database client binaries
mysql-client-core-5.7 - MySQL database core client binaries
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.7 - MySQL database server binaries and system database setup
mysql-server-core-5.7 - MySQL database server binaries
mysql-source-5.7 - MySQL source
mysql-testsuite - MySQL regression tests
mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 927308
Changes:
mysql-5.7 (5.7.26-1) unstable; urgency=high (security fixes)
.
* Imported upstream version 5.7.26 to fix security issues:
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- CVE-2019-1559 CVE-2019-2566 CVE-2019-2581 CVE-2019-2592
- CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2632
- CVE-2019-2683 CVE-2018-3123
(Closes: #927308)
* Disable unstable test xa_prepared_binlog_off for dep8
* d/patches: Remove fix-mysqldump-test-dates
The issue has been resolved upstream
* d/control: Add build-dep on pkg-config to fix FTBFS
Checksums-Sha1:
6d8c865e5301a2d626d8582301c00d046b2de64e 3241 mysql-5.7_5.7.26-1.dsc
d92843355a8af65d45305a888eeca4a28ba90c32 51098338 mysql-5.7_5.7.26.orig.tar.gz
77f294a36e7ca364c24414cdbeb85ba538feb8db 156212 mysql-5.7_5.7.26-1.debian.tar.xz
Checksums-Sha256:
b5385257f0d9e67b971289667ccbf5b8b3e7120e88e7502065f1c385a35ab1fe 3241 mysql-5.7_5.7.26-1.dsc
effca6d3aceebc286a9fb046257330d125cc2f4def87081c286bfc4df3d974d1 51098338 mysql-5.7_5.7.26.orig.tar.gz
208bc7455bf0048e791910208bc3f061baa8e110dc6209fe2446ad96b35a8158 156212 mysql-5.7_5.7.26-1.debian.tar.xz
Files:
2772441b03dd79dcce625e5c1306995d 3241 database optional mysql-5.7_5.7.26-1.dsc
0fb4db48959b0e05a7dba0bbfbb4f8ca 51098338 database optional mysql-5.7_5.7.26.orig.tar.gz
f39686200ad6a31b5ae70d3256c8200c 156212 database optional mysql-5.7_5.7.26-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJdCg/VAAoJEOVkucJ1vdUuo3gQAI5jIgvrq1km5rOUaw6x/LA8
jNs0CKzLbQW9qxFI+4lqleANPgDF9FwqENOFKr4eNUdet5cbd2UL6fMAsJFp2eys
aXrxASNMHEUSXCWFkP5ceNDus68rRpn/mAlvhQTUSAf6q7l6aMNnrhhcxK5G2eh5
X4CUN20Iu7QUrT+Ssmy3dLScsMXbVm/tGNNg7TM+ZPH5x9af73cnJlMkEiQOxxQ/
XUEJFN5SrEV008ntK3Tz3W5ILV6dlkaGlB3Q22J1K5YUiJVpYlvCQvW7a5MqJPpx
aG97cFSTtg3VWu83xpnWWABuoV7DgzlHaDXDClYw4zbUxMsl3pyRs6ioDPVM9KZj
F3guXEVQ8qzVwcswek/++1i4/syzAkQOyI32Lxsz4rA3t7d3C5crD/FXmKCfQxSk
VAciuvCP8AtDLfS1G0zV0SQjHk2AgaB1fcH8mQzyGVqBnAaG+tPwrUpeUixPZxWw
Cp7AH7hXpd0N3qJwdVnEHiAmfZMLBkReh9L2VZEwQzvH/hRXXZi1MmBAwgPz0EvX
jJ7u0EOb+w555J13/ThAOsjLeyUDVN0N1qVFNUhICJTf4siF/2b8/LJxMfd4coe1
0mIG55/2FFCrrD/zDAWFCcaPithNgIKjAAq5BTgm/RFDCxNK9Aawj45EKPzNceMt
2RvrgrIB7TdsKAWo7B2O
=osXy
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:38:04 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.