Debian Bug report logs -
#911221
mysql-5.7: Security fixes from the October 2018 CPU
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Oct 2018 09:15:02 UTC
Severity: grave
Tags: security, upstream
Found in version mysql-5.7/5.7.23-2
Fixed in version mysql-5.7/5.7.24-1
Done: Lars Tangvald <lars.tangvald@oracle.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#911221; Package src:mysql-5.7.
(Wed, 17 Oct 2018 09:15:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>.
(Wed, 17 Oct 2018 09:15:12 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Version: 5.7.23-2
Severity: grave
Tags: security upstream
Hi
Details at
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#911221; Package src:mysql-5.7.
(Fri, 26 Oct 2018 11:00:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Lars Tangvald <lars.tangvald@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>.
(Fri, 26 Oct 2018 11:00:08 GMT) (full text, mbox, link).
Message #10 received at 911221@bugs.debian.org (full text, mbox, reply):
Hi
5.7.24 has been released now. I'll prepare the upload for unstable.
--
Lars
On 17. okt. 2018 11:11, Salvatore Bonaccorso wrote:
> Source: mysql-5.7
> Version: 5.7.23-2
> Severity: grave
> Tags: security upstream
>
> Hi
>
> Details at
> https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
>
> Regards,
> Salvatore
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint@alioth-lists.debian.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__alioth-2Dlists.debian.net_cgi-2Dbin_mailman_listinfo_pkg-2Dmysql-2Dmaint&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=M-8dedO8w3Vlx9Nb3v_HN_eQTPKU36yJj5mmQmreYMQ&m=oUNuxPUyTQQx5a12PpzMJwm47_jhWIY1scwAB-URt8w&s=aHrxW7S4046O6qppWp64O5oH-yk4WDK50_kcaUkm28o&e=
Reply sent
to Lars Tangvald <lars.tangvald@oracle.com>:
You have taken responsibility.
(Fri, 26 Oct 2018 12:09:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Fri, 26 Oct 2018 12:09:04 GMT) (full text, mbox, link).
Message #15 received at 911221-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.7
Source-Version: 5.7.24-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 911221@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Oct 2018 10:13:22 +0200
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.24-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient20 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.7 - MySQL database client binaries
mysql-client-core-5.7 - MySQL database core client binaries
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.7 - MySQL database server binaries and system database setup
mysql-server-core-5.7 - MySQL database server binaries
mysql-source-5.7 - MySQL source
mysql-testsuite - MySQL regression tests
mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 911221
Changes:
mysql-5.7 (5.7.24-1) unstable; urgency=high (security fixes)
.
* Imported upstream version 5.7.24 to fix security issues:
- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- CVE-2016-9843 CVE-2018-3133 CVE-2018-3143 CVE-2018-3144
- CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 CVE-2018-3162
- CVE-2018-3171 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185
- CVE-2018-3187 CVE-2018-3200 CVE-2018-3247 CVE-2018-3251
- CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 CVE-2018-3282
- CVE-2018-3283 CVE-2018-3284
(Closes: #911221)
* d/patches: Dropped mysql-test-run.patch
Issue is fixed upstream
Checksums-Sha1:
4a2094e2c429cabaf01a281f9d73aacf2afb1225 3229 mysql-5.7_5.7.24-1.dsc
bd106953ca5bd0097483ca2bb9d13784bfc64365 49110448 mysql-5.7_5.7.24.orig.tar.gz
e93182c505c50426df5a029c99b708c5a73146ab 155416 mysql-5.7_5.7.24-1.debian.tar.xz
Checksums-Sha256:
0840dc6bd325d53eb575f69bf724b801ee554d9a66f95a2e80c5ceb09a6ce8f3 3229 mysql-5.7_5.7.24-1.dsc
b980dced9c9eb3385cca44870facc220504ca011196c5a19c2bfe43d3f5d6212 49110448 mysql-5.7_5.7.24.orig.tar.gz
d2bb8a3e65be070c767a39f3e0bba6bcf719b21d017df6c98e6c1be96752ede2 155416 mysql-5.7_5.7.24-1.debian.tar.xz
Files:
07870c696141bcbe8d03d200a78cb8b1 3229 database optional mysql-5.7_5.7.24-1.dsc
ee658554c11330116268783c45e9ed3c 49110448 database optional mysql-5.7_5.7.24.orig.tar.gz
783c21bcf3d3009ff7bc5ac4e6231d88 155416 database optional mysql-5.7_5.7.24-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJb0vuYAAoJEOVkucJ1vdUuwboP/Ry5WLO6imVkutl6m08ptJSo
xLtZE61mVJHDZL1bGXI1IKTxWpa6zAhgIsA4/lAyn953Bh8chYztiS2FSG8sU/3u
zHuk2bWBrclRDr6iOIlUoNNZoA36Ny2pZH3C+/qScyB1ywC8EoX0C77Mf/JkTmqH
7AzfJNbbHIkzbO16NJReGByZNW+dRiV9Hb3qa7tPy9dlcSHKFVNniAEIqRoq17PG
PeVFk30jNZFsZGaU1VCFKdEw2sNgKSbiXq70bpMQ6AYcXFcuujnZUWsodoeOOGfN
QNGXtULgEKjrLcixYdHRx+VTav2A67Csw8rzezDMRfxJdQ9GejMn21i8N2ihLYpo
dXxvjjtU+/xArMbMTFA3ELj3ycxwTddlEv9gUI591+nzrLnzcJYWucXUNy6LnDk6
eVNFsQ05vAeENQus82b6XUq2xfEoImvM2/BvQVOAspzU4mY4A25+hc4gsF1UGbNY
b5irF9ItsjxFubsmUNiFPLHBdzbcvJeedOmIxkN+HuYs01vhn99mCgscnC24fG78
Nf0FOrU68KJRWguVFvb4CAAClW0s/zBXD0kPwe5JMItVtlVxzG7Hcl0baIzjP8Tq
ogoSUntafhkfdKal3IFZUV6OMpZlXrKFl+c2LpBpJgK3o1slh6Ak+11neAb5Hfxz
v3byhT82+yNLu9lMqkKz
=+hRZ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 14 Dec 2018 07:27:51 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:21:40 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon