Security fixes from the January 2017 CPU

Debian Bug report logs - #851235
Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>

Date: Fri, 13 Jan 2017 08:24:07 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mysql-5.7/5.7.16-2

Fixed in version 5.7.17-1

Done: Andreas Beckmann <anbe@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#851235; Package src:mysql-5.7. (Fri, 13 Jan 2017 08:24:10 GMT)


Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 13 Jan 2017 08:24:10 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
To: submit@bugs.debian.org
Subject: Security fixes from the January 2017 CPU
Date: Fri, 13 Jan 2017 09:19:43 +0100
Source: mysql-5.7
Version: 5.7.16-2
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for January 2017 will be released on  
Tuesday, January 17. According to the pre-release announcement [1], it  
will contain information about CVEs fixed in MySQL 5.7.17.

The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#851235; Package src:mysql-5.7. (Tue, 17 Jan 2017 20:51:07 GMT)


Acknowledgement sent to Lars Tangvald <lars.tangvald@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 17 Jan 2017 20:51:07 GMT)


Message #10 received at 851235@bugs.debian.org:

From: Lars Tangvald <lars.tangvald@oracle.com>
To: <norvald.ryeng@oracle.com>, <851235@bugs.debian.org>
Subject: Re: [debian-mysql] Bug#851235: Security fixes from the January 2017 CPU
Date: Tue, 17 Jan 2017 12:48:10 -0800 (PST)

I've built and tested the updates, and will pass debdiffs on to the security team once the CVE list is available.

--
Lars

----- norvald.ryeng@oracle.com wrote:

> Source: mysql-5.7
> Version: 5.7.16-2
> Severity: grave
> Tags: security upstream fixed-upstream
> 
> The Oracle Critical Patch Update for January 2017 will be released on
> Tuesday, January 17. According to the pre-release announcement [1], it
> will contain information about CVEs fixed in MySQL 5.7.17.
> 
> The CVE numbers will be available when the CPU is released.
> 
> Regards,
> 
> Norvald H. Ryeng
> 
> [1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#851235; Package src:mysql-5.7. (Wed, 18 Jan 2017 08:21:06 GMT)


Acknowledgement sent to Lars Tangvald <lars.tangvald@oracle.com>, 851235@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 18 Jan 2017 08:21:06 GMT)


Message #15 received at 851235@bugs.debian.org:

From: Lars Tangvald <lars.tangvald@oracle.com>
To: norvald.ryeng@oracle.com, 851235@bugs.debian.org
Subject: Re: [debian-mysql] Bug#851235: Bug#851235: Security fixes from the January 2017 CPU
Date: Wed, 18 Jan 2017 09:17:53 +0100

CVE List for 5.7:

CVE-2016-8318
CVE-2016-8327
CVE-2017-3238
CVE-2017-3244
CVE-2017-3251
CVE-2017-3256
CVE-2017-3257
CVE-2017-3258
CVE-2017-3265
CVE-2017-3273
CVE-2017-3291
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
CVE-2017-3319
CVE-2017-3320

--
Lars

On 01/17/2017 09:48 PM, Lars Tangvald wrote:
> I've built and tested the updates, and will pass debdiffs on to the security team once the CVE list is available.
>
> --
> Lars
> ----- norvald.ryeng@oracle.com wrote:
>
>> Source: mysql-5.7
>> Version: 5.7.16-2
>> Severity: grave
>> Tags: security upstream fixed-upstream
>>
>> The Oracle Critical Patch Update for January 2017 will be released on
>> Tuesday, January 17. According to the pre-release announcement [1], it
>> will contain information about CVEs fixed in MySQL 5.7.17.
>>
>> The CVE numbers will be available when the CPU is released.
>>
>> Regards,
>>
>> Norvald H. Ryeng
>>
>> [1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html




Reply sent to Andreas Beckmann <anbe@debian.org>:
You have taken responsibility. (Wed, 01 Feb 2017 02:39:05 GMT)


Notification sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
Bug acknowledged by developer. (Wed, 01 Feb 2017 02:39:05 GMT)


Message #20 received at 851235-done@bugs.debian.org:

From: Andreas Beckmann <anbe@debian.org>
To: 851235-done@bugs.debian.org
Subject: Fwd: mysql-5.7_5.7.17-1_source.changes ACCEPTED into unstable
Date: Wed, 1 Feb 2017 03:34:12 +0100

Version: 5.7.17-1

-------- Forwarded Message --------
Subject: mysql-5.7_5.7.17-1_source.changes ACCEPTED into unstable
Date: Wed, 01 Feb 2017 01:34:10 +0000
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: Lars Tangvald <lars.tangvald@oracle.com>, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>, anbe@debian.org



Accepted:

Format: 1.8
Date: Wed, 01 Feb 2017 01:12:18 +0100
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source
Version: 5.7.17-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient20 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.7 - MySQL database client binaries
 mysql-client-core-5.7 - MySQL database core client binaries
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.7 - MySQL database server binaries and system database setup
 mysql-server-core-5.7 - MySQL database server binaries
 mysql-source-5.7 - MySQL source
 mysql-testsuite - MySQL regression tests
 mysql-testsuite-5.7 - MySQL 5.7 testsuite
Changes:
 mysql-5.7 (5.7.17-1) unstable; urgency=high (security fixes)
 .
   [ Bjoern Boschman ]
   * Imported Upstream version 5.7.17
 .
   [ Lars Tangvald ]
   * Updated mysql_config flag patch for 5.7.17
   * Upstream version 5.7.17 fixes security issues:
     - http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
     - CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3244
     - CVE-2017-3251 CVE-2017-3256 CVE-2017-3257 CVE-2017-3258
     - CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312
     - CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319
     - CVE-2017-3320
   * d/copyright: Add files for connection_control plugin
   * d/*.README.Debian: Fix spelling errors
   * d/libmysqld-dev.lintian-overrides: Override "depends-on-obsolete-package
     depends: libmysqlclient-dev => default-libmysqlclient-dev" which is a
     false positive for src:mysql-5.7
   * d/control: Add myself to Uploaders
 .
   [ Andreas Beckmann ]
   * d/copyright: Fix more issues noticed by lintian: drop copyright info for
     files that were removed upstream, reorder shadowed sections



Thank you for your contribution to Debian.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 01 Mar 2017 07:28:20 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:51:03 2019; Machine Name: buxtehude
