mysql-5.5: Multiple security fixes from the October 2015 CPU

Debian Bug report logs - #802564

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 21 Oct 2015 05:33:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mysql-5.5/5.5.23-2

Fixed in versions mysql-5.5/5.5.46-0+deb8u1, mysql-5.5/5.5.46-0+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#802564; Package src:mysql-5.5. (Wed, 21 Oct 2015 05:33:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 21 Oct 2015 05:33:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-5.5: Multiple security fixes from the October 2015 CPU
Date: Wed, 21 Oct 2015 07:29:44 +0200
Source: mysql-5.5
Version: 5.5.23-2
Severity: grave
Tags: security upstream fixed-upstream

Hi,

As usual for this time of the year: there is a new Oracle Patch update
including updates for MySQL, see:

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL

Regards,
Salvatore

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#802564; Package src:mysql-5.5. (Fri, 23 Oct 2015 11:45:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 23 Oct 2015 11:45:04 GMT).


Message #10 received at 802564@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 802564@bugs.debian.org
Subject: Re: Bug#802564: mysql-5.5: Multiple security fixes from the October 2015 CPU
Date: Fri, 23 Oct 2015 13:40:29 +0200

Hi MySQL team,

FTR, I have now an update ready which I would push to security-master
soon for wheezy- and jessie-security.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#802564; Package src:mysql-5.5. (Sat, 24 Oct 2015 08:15:03 GMT).


Acknowledgement sent to Bjoern Boschman <bjoern@boschman.de>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sat, 24 Oct 2015 08:15:03 GMT).


Message #15 received at 802564@bugs.debian.org:

From: Bjoern Boschman <bjoern@boschman.de>
To: Salvatore Bonaccorso <carnil@debian.org>, 802564@bugs.debian.org
Subject: Re: [debian-mysql] Bug#802564: mysql-5.5: Multiple security fixes from the October 2015 CPU
Date: Sat, 24 Oct 2015 08:11:21 +0000

Hi,

why are the changes not pushed on git?

Cheers
B

On Fri, Oct 23, 2015 at 1:45 PM Salvatore Bonaccorso <carnil@debian.org>
wrote:

>
> Hi MySQL team,
>
> FTR, I have now an update ready which I would push to security-master
> soon for wheezy- and jessie-security.
>
> Regards,
> Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#802564; Package src:mysql-5.5. (Sat, 24 Oct 2015 08:39:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Sat, 24 Oct 2015 08:39:05 GMT).


Message #20 received at 802564@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Bjoern Boschman <bjoern@boschman.de>
Cc: 802564@bugs.debian.org
Subject: Re: [debian-mysql] Bug#802564: mysql-5.5: Multiple security fixes from the October 2015 CPU
Date: Sat, 24 Oct 2015 10:21:35 +0200

Hi Bjoern,

On Sat, Oct 24, 2015 at 08:11:21AM +0000, Bjoern Boschman wrote:
> Hi,
> 
> why are the changes not pushed on git?

I worked on it on behalf of the security team and am not part of the
Debian MySQL Maintainers team on alioth. Can you import the changes
based on the dsc's now available via security.d.o to the team's git?
That would be great!

Regards,
Salvatore

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 25 Oct 2015 13:51:14 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 25 Oct 2015 13:51:14 GMT).


Message #25 received at 802564-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 802564-close@bugs.debian.org
Subject: Bug#802564: fixed in mysql-5.5 5.5.46-0+deb8u1
Date: Sun, 25 Oct 2015 13:47:06 +0000
Source: mysql-5.5
Source-Version: 5.5.46-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802564@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 23 Oct 2015 13:35:23 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: all source
Version: 5.5.46-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 802564
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite - MySQL testsuite
 mysql-testsuite-5.5 - MySQL testsuite
Changes:
 mysql-5.5 (5.5.46-0+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Imported Upstream version 5.5.46 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
     - CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819
       CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
       CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
     (Closes: #802564)
   * Add fix-test-suite-failure-caused-by-arbitrary-date-in-the-future.patch.
     Fix test suite failure caused by arbitrary date in the future.
     Thanks to Marc Deslauriers <marc.deslauriers@canonical.com>





Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 25 Oct 2015 13:51:17 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 25 Oct 2015 13:51:17 GMT).


Message #30 received at 802564-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 802564-close@bugs.debian.org
Subject: Bug#802564: fixed in mysql-5.5 5.5.46-0+deb7u1
Date: Sun, 25 Oct 2015 13:48:40 +0000
Source: mysql-5.5
Source-Version: 5.5.46-0+deb7u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802564@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 23 Oct 2015 18:30:49 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: all source
Version: 5.5.46-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 802564
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Changes:
 mysql-5.5 (5.5.46-0+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Imported Upstream version 5.5.46 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
     - CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819
       CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
       CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
     (Closes: #802564)
   * Add fix-test-suite-failure-caused-by-arbitrary-date-in-the-future.patch.
     Fix test suite failure caused by arbitrary date in the future.
     Thanks to Marc Deslauriers <marc.deslauriers@canonical.com>
   * Add revert-to-_sync_lock_test_and_set.patch.
     Fixes FTBFS on arm and powerpc by reverting to __sync_lock_test_and_set.
     The gcc version in wheezy is too old to have __atomic_*.
     Thanks to Marc Deslauriers <marc.deslauriers@canonical.com> for the patch.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 21 Feb 2016 07:40:36 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:48:53 2019; Machine Name: buxtehude
