Debian Bug report logs -
#919817
mysql-5.7: Security fixes from the January 2019 CPU
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 19 Jan 2019 21:18:01 UTC
Severity: grave
Tags: security, upstream
Found in version mysql-5.7/5.7.24-3
Fixed in version mysql-5.7/5.7.25-1
Done: Lars Tangvald <lars.tangvald@oracle.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#919817
; Package src:mysql-5.7
.
(Sat, 19 Jan 2019 21:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Sat, 19 Jan 2019 21:18:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Version: 5.7.24-3
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
Details at
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#919817
; Package src:mysql-5.7
.
(Tue, 22 Jan 2019 10:36:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Tue, 22 Jan 2019 10:36:02 GMT) (full text, mbox, link).
Message #10 received at 919817@bugs.debian.org (full text, mbox, reply):
CVE List:
CVE-2018-0734
CVE-2019-2420
CVE-2019-2434
CVE-2019-2455
CVE-2019-2481
CVE-2019-2482
CVE-2019-2486
CVE-2019-2503
CVE-2019-2507
CVE-2019-2510
CVE-2019-2528
CVE-2019-2529
CVE-2019-2531
CVE-2019-2532
CVE-2019-2534
CVE-2019-2537
I'll build and test the update so we can get it uploaded.
--
Lars
On 19.01.2019 22:14, Salvatore Bonaccorso wrote:
> Source: mysql-5.7
> Version: 5.7.24-3
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi
>
> Details at
> https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
>
> Regards,
> Salvatore
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint@alioth-lists.debian.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__alioth-2Dlists.debian.net_cgi-2Dbin_mailman_listinfo_pkg-2Dmysql-2Dmaint&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=M-8dedO8w3Vlx9Nb3v_HN_eQTPKU36yJj5mmQmreYMQ&m=V6YWmDTP8Up8aqe6FOgySAUbY7C2l8NgxQlnOECX4Yw&s=3kTGAVctD96CB83WxpUcWMWEa46FgDCXmzXLUox2QU4&e=
Reply sent
to Lars Tangvald <lars.tangvald@oracle.com>
:
You have taken responsibility.
(Mon, 28 Jan 2019 21:00:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Mon, 28 Jan 2019 21:00:03 GMT) (full text, mbox, link).
Message #15 received at 919817-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Source-Version: 5.7.25-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 919817@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Jan 2019 08:03:45 +0100
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.25-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient20 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.7 - MySQL database client binaries
mysql-client-core-5.7 - MySQL database core client binaries
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.7 - MySQL database server binaries and system database setup
mysql-server-core-5.7 - MySQL database server binaries
mysql-source-5.7 - MySQL source
mysql-testsuite - MySQL regression tests
mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 919817
Changes:
mysql-5.7 (5.7.25-1) unstable; urgency=high (security fixes)
.
* Imported upstream version 5.7.25 to fix security issues:
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- CVE-2018-0734 CVE-2019-2420 CVE-2019-2434 CVE-2019-2455
- CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503
- CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529
- CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537
(Closes: #919817)
Checksums-Sha1:
f268bdacf122c1cee2c22b24178943c925fe39e3 3229 mysql-5.7_5.7.25-1.dsc
cbec35bbe2f2540232105a307770c432380be352 49107578 mysql-5.7_5.7.25.orig.tar.gz
ff3b9a8a74ce38fa89ce45794fc4770b373918ac 156756 mysql-5.7_5.7.25-1.debian.tar.xz
Checksums-Sha256:
23c71f834fcefd5766b130243558844d578e51858271f5f10231e19ae92bf3bd 3229 mysql-5.7_5.7.25-1.dsc
354c427c8679c6a4774f60723ea211e54b4383307764d240940f960d110bf5cf 49107578 mysql-5.7_5.7.25.orig.tar.gz
40c4d766d4c154c54982fba3e6683279fdc11bb8ca89cdcb596415645d827e94 156756 mysql-5.7_5.7.25-1.debian.tar.xz
Files:
7d30f684b59316b3112a58b955fc7380 3229 database optional mysql-5.7_5.7.25-1.dsc
db53cbcc972276cec7a450b042956c57 49107578 database optional mysql-5.7_5.7.25.orig.tar.gz
31fe0ce87d8e78cbbc072319179f07b2 156756 database optional mysql-5.7_5.7.25-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJcT1+fAAoJEOVkucJ1vdUu5rwP/28rKR43o3juNnlnlfeqFoTp
rbDnvtF1ltcoEDK52PsRZp3m4W6bI3DqtMy5pYTVklwKsB2hy7CaiLije/OqDqHo
fSry/lAiOkh43VqFKYpgCBgDcMeMUVrTeZKsJI1k0WQk+NKeHPxm+r9Fz8Q6GCOg
U5tXsw+AVug7w2VJpwB4LbW3LcuZ7vH+Hd19dwtUbxVM4J1+1zCE6h48K6C0F8oW
VuHGvyH1Ltmw1zEgi9BjWBTmzvySqBO8UtKfObs3px7Xzjy3qH5pKlYUXfFOWyAg
3JHI8QNSrV+n4O7kGq8uPQ2uPNHFj8DwRElQakKvJUdTbkwnKIHgj7k/MKcYxO2P
F2W6Kn7SLixSvaQwKqCTogEi/HYLOJDyOPTVxM/GZjjv8W25KUj89YUz4wS+YU9W
FjoOhGW81GGXLnNWUMWRNk3FJM4Gm9WriNlKJ2vmWGFlwR1Utfe4Q9jfgrv2+RRM
atCfIE1VS94Vb8QFrwLztrePzcg76iV4257IDb2JRknACWGL3OMXKMpmctfoCrm6
vKv+c9yWkpdJ1z4OoEF7tomKyugETwZn+w3sbjOTCdKKsIvwB8PQOP8oHBGQthpE
ySWRbsyWt3g9lqbGB96Wv4g6dw68mAizGenpmJ1/TcLxBpCJKdDO3wjMQl1VSp7O
FM+eafOreRaZ3UcUQPvs
=MW4D
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Feb 2019 07:26:41 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:52:01 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.