Security fixes from the January 2021 CPU

Debian Bug report logs - #980795

Reported by: Lars Tangvald <lars.tangvald@oracle.com>

Date: Fri, 22 Jan 2021 11:45:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mysql-8.0/8.0.22

Fixed in version mysql-8.0/8.0.23-1

Done: Lars Tangvald <lars.tangvald@oracle.com>


Report forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#980795; Package src:mysql-8.0. (Fri, 22 Jan 2021 11:45:03 GMT).


Acknowledgement sent to Lars Tangvald <lars.tangvald@oracle.com>:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 22 Jan 2021 11:45:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: Lars Tangvald <lars.tangvald@oracle.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Security fixes from the January 2021 CPU
Date: Fri, 22 Jan 2021 10:49:26 +0000
Source: mysql-8.0
Version: 8.0.22
Severity: grave
Tags: security upstream fixed-upstream


The Oracle Critical Patch Update for October 2020 lists CVEs affecting MySQL 8.0 that are fixed in 8.0.23

CVE list:
    - CVE-2021-1998 CVE-2021-2001 CVE-2021-2002 CVE-2021-2087
    - CVE-2021-2009 CVE-2021-2012 CVE-2021-2016 CVE-2021-2019
    - CVE-2021-2020 CVE-2021-2021 CVE-2021-2022 CVE-2021-2024
    - CVE-2021-2028 CVE-2021-2030 CVE-2021-2031 CVE-2021-2032
    - CVE-2021-2036 CVE-2021-2038 CVE-2021-2042 CVE-2021-2046
    - CVE-2021-2048 CVE-2021-2055 CVE-2021-2056 CVE-2021-2058
    - CVE-2021-2060 CVE-2021-2061 CVE-2021-2065 CVE-2021-2070
    - CVE-2021-2072 CVE-2021-2076 CVE-2021-2081 CVE-2021-2088
    - CVE-2021-2122

Ref: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL

Regards,

Lars Tangvald




Reply sent to Lars Tangvald <lars.tangvald@oracle.com>:
You have taken responsibility. (Mon, 25 Jan 2021 07:09:05 GMT).


Notification sent to Lars Tangvald <lars.tangvald@oracle.com>:
Bug acknowledged by developer. (Mon, 25 Jan 2021 07:09:05 GMT).


Message #10 received at 980795-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 980795-close@bugs.debian.org
Subject: Bug#980795: fixed in mysql-8.0 8.0.23-1
Date: Mon, 25 Jan 2021 07:05:17 +0000
Source: mysql-8.0
Source-Version: 8.0.23-1
Done: Lars Tangvald <lars.tangvald@oracle.com>

We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980795@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-8.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 19 Jan 2021 14:07:46 +0000
Source: mysql-8.0
Architecture: source
Version: 8.0.23-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Closes: 980795
Launchpad-Bugs-Fixed: 1911032
Changes:
 mysql-8.0 (8.0.23-1) unstable; urgency=medium
 .
   [ Lars Tangvald ]
   * Imported upstream version 8.0.23 to fix security issues:
     - https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL
     - CVE-2021-1998 CVE-2021-2001 CVE-2021-2002 CVE-2021-2087
     - CVE-2021-2009 CVE-2021-2012 CVE-2021-2016 CVE-2021-2019
     - CVE-2021-2020 CVE-2021-2021 CVE-2021-2022 CVE-2021-2024
     - CVE-2021-2028 CVE-2021-2030 CVE-2021-2031 CVE-2021-2032
     - CVE-2021-2036 CVE-2021-2038 CVE-2021-2042 CVE-2021-2046
     - CVE-2021-2048 CVE-2021-2055 CVE-2021-2056 CVE-2021-2058
     - CVE-2021-2060 CVE-2021-2061 CVE-2021-2065 CVE-2021-2070
     - CVE-2021-2072 CVE-2021-2076 CVE-2021-2081 CVE-2021-2088
     - CVE-2021-2122
     Upstream release notes:
     - https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html
     - https://dev.mysql.com/doc/relnotes/mysql-router/en/news-8-0-23.html
     (Closes: #980795)
   * d/install: Removed mysql_protocol.so from router package
     This plugin file has been obsoleted and removed by upstream.
   * Fix test failure due to hardcoded date
     (LP: #1911032)
   * d/patches: Update atomics patch for riscv.
   * d/symbols: Add new symbol from 8.0.23 to client library
   * d/install: Add new plugins to router and server packages
 .
   [ Marc Deslauriers ]
   * d/symbols: Add new symbol from 8.0.22 to client library





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Jan 26 08:01:10 2021; Machine Name: buxtehude
