mysql-5.5: New security issues from October Patch Update

Debian Bug report logs - #690778

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 17 Oct 2012 13:36:02 UTC

Owned by: nicholas@periapt.co.uk

Severity: grave

Tags: security

Fixed in version mysql-5.5/5.5.28+dfsg-1

Done: Nicholas Bamber <nicholas@periapt.co.uk>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#690778; Package mysql-5.5. (Wed, 17 Oct 2012 13:36:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 17 Oct 2012 13:36:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-5.5: New security issues from October Patch Update
Date: Wed, 17 Oct 2012 15:30:19 +0200
Package: mysql-5.5
Severity: grave
Tags: security
Justification: user security hole

Due to the usual intransparency we'll again have to update to a new upstream
release in Wheezy and stable...

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Also, it's amazing how they managed to not fix CVE-2012-4414...

Cheers,
        Moritz



Owner recorded as nicholas@periapt.co.uk. Request was from Nicholas Bamber <nicholas@periapt.co.uk> to control@bugs.debian.org. (Wed, 17 Oct 2012 21:12:02 GMT)


Added tag(s) pending. Request was from Nicholas Bamber <periapt@alioth.debian.org> to control@bugs.debian.org. (Wed, 24 Oct 2012 05:54:03 GMT)


Reply sent to Nicholas Bamber <nicholas@periapt.co.uk>:
You have taken responsibility. (Mon, 29 Oct 2012 06:39:04 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 29 Oct 2012 06:39:04 GMT)


Message #14 received at 690778-close@bugs.debian.org:

From: Nicholas Bamber <nicholas@periapt.co.uk>
To: 690778-close@bugs.debian.org
Subject: Bug#690778: fixed in mysql-5.5 5.5.28+dfsg-1
Date: Mon, 29 Oct 2012 06:33:58 +0000
Source: mysql-5.5
Source-Version: 5.5.28+dfsg-1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Bamber <nicholas@periapt.co.uk> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 28 Oct 2012 09:22:24 +0000
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all i386
Version: 5.5.28+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Nicholas Bamber <nicholas@periapt.co.uk>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 690778
Changes: 
 mysql-5.5 (5.5.28+dfsg-1) unstable; urgency=low
 .
   * New upstream release (resolves CVE-2012-3163, CVE-2012-3158, CVE-2012-3177,
     CVE-2012-3147, CVE-2012-3166, CVE-2012-3173, CVE-2012-3144, CVE-2012-3150,
     CVE-2012-3180, CVE-2012-3149, CVE-2012-3156, CVE-2012-3167, CVE-2012-3197,
     CVE-2012-3160) (Closes: #690778)
   * Removed debian/patches/73_mysqlcheck_tests.patch and
     debian/patches/2_main_openssl_1.patch as they did not apply cleanly and did
     not seem to be required any longer
   * Refreshed patches and updated headers:
     - debian/patches/73_mysqlcheck_tests.patch
     - debian/patches/94_spelling.patch
     - debian/patches/70_mysql_va_list.patch





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 19 Dec 2012 07:26:47 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:03:03 2019; Machine Name: beach
