Debian Bug report logs -
#904121
mysql-5.7: Security fixes from the July 2018 CPU
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 20 Jul 2018 04:21:02 UTC
Severity: grave
Tags: security, upstream
Found in version mysql-5.7/5.7.21-1
Fixed in version mysql-5.7/5.7.23-1
Done: Lars Tangvald <lars.tangvald@oracle.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#904121
; Package src:mysql-5.7
.
(Fri, 20 Jul 2018 04:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 20 Jul 2018 04:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Version: 5.7.21-1
Severity: grave
Tags: security upstream
Hi
Details at
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#904121
; Package src:mysql-5.7
.
(Fri, 20 Jul 2018 05:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 20 Jul 2018 05:57:03 GMT) (full text, mbox, link).
Message #10 received at 904121@bugs.debian.org (full text, mbox, reply):
Also note 5.7.23 has not yet been released (it will be out by the end of
the month).
--
Lars
On 07/20/2018 07:34 AM, Lars Tangvald wrote:
> Correction: This should be for 5.7.22, I think.
>
> CVE List:
>
> CVE-2018-0739
> CVE-2018-2767
> CVE-2018-3054
> CVE-2018-3056
> CVE-2018-3058
> CVE-2018-3060
> CVE-2018-3061
> CVE-2018-3062
> CVE-2018-3064
> CVE-2018-3065
> CVE-2018-3066
> CVE-2018-3070
> CVE-2018-3071
> CVE-2018-3077
> CVE-2018-3081
>
> --
> Lars
> On 07/20/2018 06:16 AM, Salvatore Bonaccorso wrote:
>> Source: mysql-5.7
>> Version: 5.7.21-1
>> Severity: grave
>> Tags: security upstream
>>
>> Hi
>>
>> Details at
>> http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
>>
>>
>> Regards,
>> Salvatore
>>
>> _______________________________________________
>> pkg-mysql-maint mailing list
>> pkg-mysql-maint@alioth-lists.debian.net
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__alioth-2Dlists.debian.net_cgi-2Dbin_mailman_listinfo_pkg-2Dmysql-2Dmaint&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=M-8dedO8w3Vlx9Nb3v_HN_eQTPKU36yJj5mmQmreYMQ&m=Tq3zgUxLP9VPxRizyk970lApjdVTW2UvIdYPB8mMBTg&s=DzD9IdE2F3yP_VZ3HIvzbNqu8L292dV2gc4xenDaLZw&e=
>>
>
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#904121
; Package src:mysql-5.7
.
(Fri, 20 Jul 2018 07:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 20 Jul 2018 07:21:03 GMT) (full text, mbox, link).
Message #15 received at 904121@bugs.debian.org (full text, mbox, reply):
Correction: This should be for 5.7.22, I think.
CVE List:
CVE-2018-0739
CVE-2018-2767
CVE-2018-3054
CVE-2018-3056
CVE-2018-3058
CVE-2018-3060
CVE-2018-3061
CVE-2018-3062
CVE-2018-3064
CVE-2018-3065
CVE-2018-3066
CVE-2018-3070
CVE-2018-3071
CVE-2018-3077
CVE-2018-3081
--
Lars
On 07/20/2018 06:16 AM, Salvatore Bonaccorso wrote:
> Source: mysql-5.7
> Version: 5.7.21-1
> Severity: grave
> Tags: security upstream
>
> Hi
>
> Details at
> http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
>
> Regards,
> Salvatore
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint@alioth-lists.debian.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__alioth-2Dlists.debian.net_cgi-2Dbin_mailman_listinfo_pkg-2Dmysql-2Dmaint&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=M-8dedO8w3Vlx9Nb3v_HN_eQTPKU36yJj5mmQmreYMQ&m=Tq3zgUxLP9VPxRizyk970lApjdVTW2UvIdYPB8mMBTg&s=DzD9IdE2F3yP_VZ3HIvzbNqu8L292dV2gc4xenDaLZw&e=
Reply sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
You have taken responsibility.
(Fri, 03 Aug 2018 15:09:07 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 03 Aug 2018 15:09:07 GMT) (full text, mbox, link).
Message #20 received at 904121-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Source-Version: 5.7.23-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 904121@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jul 2018 09:13:54 +0200
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.23-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient20 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.7 - MySQL database client binaries
mysql-client-core-5.7 - MySQL database core client binaries
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.7 - MySQL database server binaries and system database setup
mysql-server-core-5.7 - MySQL database server binaries
mysql-source-5.7 - MySQL source
mysql-testsuite - MySQL regression tests
mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 904121
Changes:
mysql-5.7 (5.7.23-1) unstable; urgency=high (security fixes)
.
* Imported upstream version 5.7.23 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- CVE-2018-0739 CVE-2018-2767 CVE-2018-3054 CVE-2018-3056
- CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062
- CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070
- CVE-2018-3071 CVE-2018-3077 CVE-2018-3081
(Closes: #904121)
* Moved internal test binaries out of usr/bin
The client binaries mysqltest and mysql_client_test are only
meant to be used by the mysql test suite, and are no longer
installed in /usr/bin
Checksums-Sha1:
f6c1208522cb835aa3c7f1a9423e34299162753b 3240 mysql-5.7_5.7.23-1.dsc
e88edced7261412e66fc5570ed375bb3a36494bf 49025014 mysql-5.7_5.7.23.orig.tar.gz
d5bfaf65dd4ef45462e45b570b2c703b245eb181 154320 mysql-5.7_5.7.23-1.debian.tar.xz
Checksums-Sha256:
75eeffb07127f5369d8ba60817ea446e90ac30bd2b82e057d38224e64dd06f9e 3240 mysql-5.7_5.7.23-1.dsc
d05700ec5c1c6dae9311059dc1713206c29597f09dbd237bf0679b3c6438e87a 49025014 mysql-5.7_5.7.23.orig.tar.gz
4378e37edd7493a477c34682027a180b647a8d375083f6679bba918ab65c8305 154320 mysql-5.7_5.7.23-1.debian.tar.xz
Files:
a6168eba126fdbdac50cd4e7b80ccb4d 3240 database optional mysql-5.7_5.7.23-1.dsc
de108e7ff350aa10402a3e707a4b4c75 49025014 database optional mysql-5.7_5.7.23.orig.tar.gz
4b2329bca1e24e6659f829e95d9ae402 154320 database optional mysql-5.7_5.7.23-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJbZGr+AAoJEOVkucJ1vdUuJzAQAIv1dkBwme8gD9dOPW2p06Kn
rBEySXtWJ8xF6LhlZM95MwADYlXIhAQrRuVu9a26IXEEh4A7PUQWxnqkXeOlszYp
kjIIg0OGp/FNkB0i5AaC1rKBOKa/vwXpu6WXdMzI9f25NFwJ6lHgkovd1NNBwVqC
tTS1pgYPQUuWuQAfHh/TJlTvXdJaAKHF+1nnMS/sCCCq0bM2OothzasZezZBc/1W
2P26VjmCaDaMWcT18xkCmTBjLHoZY1DhsAGyEs7ugNJtPvgoMpFoDaNmtk69vrwk
fuN7TWUYyuzS9lTo2CFVFeFBN7zFI2mUSHVo2UF3I784eLk9NQEkB7KDh+mHB23X
iO2CzM9tFB4Gi6HCJzcFLqS50GPPnPDld2RrdYq4zsQjjupnQPl93aPDIYndAnhg
L1C30LCnGBVVQPbwkl9aO+dZ/eppQoHzuVH88Zy9auTydqGHIDMgL46b0ZdcX99T
hESOVC7NtlMFNjhm9AFS5h4mH+Dnc0lwOwn1amfeVMCTeJTmBETiJbpSq12BdK0c
WR0AXqacrx8jCVfMTN7wvWYq0sH5tQ/fmDtNfw9Nt04BGNv383e5qHsrKSOngJzJ
4yOgKd+n6UxGHb8p9sBVPBx4ePyvhfiQdBMmadqZvsOACww5VYBdiZ5nLb5t80UN
cFDfDa7SwX1EcORD7ib7
=/3I7
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 01 Sep 2018 07:26:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:56:06 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.