mysql-5.5: Multiple security fixes from the January 2016 CPU

Debian Bug report logs - #811428
mysql-5.5: Multiple security fixes from the January 2016 CPU

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>

To: submit@bugs.debian.org

Subject: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Mon, 18 Jan 2016 21:12:10 +0100

Source: mysql-5.5
Version: 5.5.46-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for January 2016 will be released on  
Tuesday, January 19. According to the pre-release announcement [1], it  
will contain information about CVEs fixed in MySQL 5.5.47.

The CVE numbers will be available when the CPU is released.

All necessary work to upgrade to 5.5.47 has already been done in git.  
Someone just needs to tag it and upload.

Regards,

Norvald H. Ryeng

[1]  
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Message #12 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: <811428@bugs.debian.org>

Subject: Re: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 19 Jan 2016 13:29:03 -0800 (PST)

The updated changelog containing the CPU information can be found at https://github.com/ltangvald/mysql-5.5
The final commit is the only change from https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git

--
Lars Tangvald

Message #17 received at 811428@bugs.debian.org (full text, mbox, reply):

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>

To: 811428@bugs.debian.org

Subject: Re: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 19 Jan 2016 22:02:57 +0100

The Critical Patch Update is out:  
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 to  
5.5.47:

CVE-2016-0505
CVE-2016-0546
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0596
CVE-2016-0616

Regards,

Norvald H. Ryeng

Message #22 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Clint Byrum <spamaps@debian.org>

To: Norvald H. Ryeng <norvald.ryeng@oracle.com>

Cc: 811428 <811428@bugs.debian.org>

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 19 Jan 2016 15:59:48 -0800

Is anyone working on the build/test/upload of the final binaries?

Excerpts from Norvald H. Ryeng's message of 2016-01-19 13:02:57 -0800:
> The Critical Patch Update is out:  
> http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
> 
> The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 to  
> 5.5.47:
> 
> CVE-2016-0505
> CVE-2016-0546
> CVE-2016-0597
> CVE-2016-0598
> CVE-2016-0600
> CVE-2016-0606
> CVE-2016-0608
> CVE-2016-0609
> CVE-2016-0596
> CVE-2016-0616
> 
> Regards,
> 
> Norvald H. Ryeng
> 

Message #27 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: 811428@bugs.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 20 Jan 2016 08:05:43 +0100

The git tree is missing a copyright update made by the security team, 
which will need to be merged.

--
Lars Tangvald

On 01/19/2016 10:02 PM, Norvald H. Ryeng wrote:
> The Critical Patch Update is out: 
> http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
>
> The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 
> to 5.5.47:
>
> CVE-2016-0505
> CVE-2016-0546
> CVE-2016-0597
> CVE-2016-0598
> CVE-2016-0600
> CVE-2016-0606
> CVE-2016-0608
> CVE-2016-0609
> CVE-2016-0596
> CVE-2016-0616
>
> Regards,
>
> Norvald H. Ryeng
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint

Message #32 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: Clint Byrum <spamaps@debian.org>, 811428@bugs.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 20 Jan 2016 09:49:10 +0100

On 01/20/2016 12:59 AM, Clint Byrum wrote:
> Is anyone working on the build/test/upload of the final binaries?
I'm working with Robie to get the upload ready. Dep8 tests have passed 
on stable, and the changes made by the security team for previous 
releases should all be merged into my github tree.

Once it's merged into Alioth we'll need someone to take over for tag and 
upload.

--
Lars Tangvald

Message #37 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: Clint Byrum <spamaps@debian.org>, 811428@bugs.debian.org

Subject: Re: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 20 Jan 2016 10:14:59 +0100

http://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/  is updated.
I'll send a notice to the security team. They may want us to do the 
upload, in which case we'll need someone who has the permissions to do so :)

--
Lars Tangvald

Message #42 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Robie Basak <robie.basak@ubuntu.com>

To: team@security.debian.org

Cc: 811428@bugs.debian.org

Subject: Re: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Thu, 21 Jan 2016 09:46:13 +0000

[Message part 1 (text/plain, inline)]

Dear Security Team,

You have asked us to be prompt with helping to prepare security updates
for you, and we have done so. We have kept the bug updated like you
asked us last time. The sources are tested and ready. We notified the
bug as requested, but haven't heard from you. Please let us know how you
want to coordinate uploading this.

Thanks,

Robie

[signature.asc (application/pgp-signature, inline)]

Message #47 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Robie Basak <robie.basak@ubuntu.com>

Cc: team@security.debian.org, 811428@bugs.debian.org

Subject: Re: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Thu, 21 Jan 2016 20:10:50 +0100

[Message part 1 (text/plain, inline)]

Hi Robie,

On Thu, Jan 21, 2016 at 09:46:13AM +0000, Robie Basak wrote:
> Dear Security Team,
> 
> You have asked us to be prompt with helping to prepare security updates
> for you, and we have done so. We have kept the bug updated like you
> asked us last time. The sources are tested and ready. We notified the
> bug as requested, but haven't heard from you. Please let us know how you
> want to coordinate uploading this.

Thanks for preparing an update.

We usually would see a debdiff from the resulting built package (in
case of a new upstream import this can get big, so some autogenerated
files can be filtered out).

We have collected important information for us in advisory preparation
in https://wiki.debian.org/DebianSecurity/AdvisoryCreation especially
relevant from the developers point of view preparing the update
https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecurityDev .

The changelog itself looks good to me from a quick skim trough. It
addresses all the information we would like to have seen there (CVE
references, bug fixed, reference to Oracle CPU). Thank you.

Important question first: What is the status for the wheezy-security
package for those issues?

Plase make sure for the following: Once you have both, built the
jessie-security one with -sa to include the original orig.tar.gz and
the wheezy-security one explicitly without -sa to not include the orig
source tarball.

Then we need a bit of coordination for the upload order, since
mysql-5.5 is a special case with same source orig.tar.gz for both
wheezy and jessie. Someone of your team with GPG key in the DD keyring
might then upload first the jessie-security one to security-master,
and after it gets accepted there, upload the wheezy-security one.

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #52 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: <811428@bugs.debian.org>, <carnil@debian.org>

Cc: <team@security.debian.org>, <robie.basak@ubuntu.com>

Subject: Re: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Fri, 22 Jan 2016 08:25:30 -0800 (PST)

Hi Salvatore,

I'll get the wheezy-security package built and tested and send an update as soon as it's done.

regards,
Lars Tangvald

----- Original Message -----
From: carnil@debian.org
To: robie.basak@ubuntu.com
Cc: 811428@bugs.debian.org, team@security.debian.org
Sent: Thursday, January 21, 2016 8:15:30 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Hi Robie,

On Thu, Jan 21, 2016 at 09:46:13AM +0000, Robie Basak wrote:
> Dear Security Team,
> 
> You have asked us to be prompt with helping to prepare security updates
> for you, and we have done so. We have kept the bug updated like you
> asked us last time. The sources are tested and ready. We notified the
> bug as requested, but haven't heard from you. Please let us know how you
> want to coordinate uploading this.

Thanks for preparing an update.

We usually would see a debdiff from the resulting built package (in
case of a new upstream import this can get big, so some autogenerated
files can be filtered out).

We have collected important information for us in advisory preparation
in https://wiki.debian.org/DebianSecurity/AdvisoryCreation especially
relevant from the developers point of view preparing the update
https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecurityDev .

The changelog itself looks good to me from a quick skim trough. It
addresses all the information we would like to have seen there (CVE
references, bug fixed, reference to Oracle CPU). Thank you.

Important question first: What is the status for the wheezy-security
package for those issues?

Plase make sure for the following: Once you have both, built the
jessie-security one with -sa to include the original orig.tar.gz and
the wheezy-security one explicitly without -sa to not include the orig
source tarball.

Then we need a bit of coordination for the upload order, since
mysql-5.5 is a special case with same source orig.tar.gz for both
wheezy and jessie. Someone of your team with GPG key in the DD keyring
might then upload first the jessie-security one to security-master,
and after it gets accepted there, upload the wheezy-security one.

Regards,
Salvatore

_______________________________________________
pkg-mysql-maint mailing list
pkg-mysql-maint@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint

Message #57 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Lars Tangvald <lars.tangvald@oracle.com>

Cc: 811428@bugs.debian.org, team@security.debian.org, robie.basak@ubuntu.com

Subject: Re: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Mon, 25 Jan 2016 08:57:13 +0100

Hi Lars,

On Fri, Jan 22, 2016 at 08:25:30AM -0800, Lars Tangvald wrote:
> Hi Salvatore,
> 
> I'll get the wheezy-security package built and tested and send an update as soon as it's done.

Great thanks!

In meanwhile could you please send the resulting debdiff for the
jessie-security upload to us, for a short review? If it is then fine
we can already have the jessie-security package uploaded to
security-master and let the buildd daemons pick the work.

Regards,
Salvatore

Message #62 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 811428@bugs.debian.org, team@security.debian.org, robie.basak@ubuntu.com

Subject: Re: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Mon, 25 Jan 2016 12:23:19 +0100

Hi,

I'll get it sent over shortly.

--
Lars

On 01/25/2016 08:57 AM, Salvatore Bonaccorso wrote:
> Hi Lars,
>
> On Fri, Jan 22, 2016 at 08:25:30AM -0800, Lars Tangvald wrote:
>> Hi Salvatore,
>>
>> I'll get the wheezy-security package built and tested and send an update as soon as it's done.
> Great thanks!
>
> In meanwhile could you please send the resulting debdiff for the
> jessie-security upload to us, for a short review? If it is then fine
> we can already have the jessie-security package uploaded to
> security-master and let the buildd daemons pick the work.
>
> Regards,
> Salvatore

Message #67 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Lars Tangvald <lars.tangvald@oracle.com>

Cc: 811428@bugs.debian.org, team@security.debian.org, robie.basak@ubuntu.com

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 26 Jan 2016 13:19:26 +0100

[Message part 1 (text/plain, inline)]

Hi Lars,

On Tue, Jan 26, 2016 at 01:11:45AM -0800, Lars Tangvald wrote:
> Wheezy package has been built and tested
> 
> At the moment it's just on my personal github at
> https://github.com/ltangvald/mysql-5.5/tree/debian/wheezy, but we
> should get it uploaded to Alioth soon.
> Attaching the debdiff and debian/ diff.

Thank you looks good to me.

I haven't seen the same for jessie, but assuming it is basically the
same and matching what you showed me initially from git, let's go
ahead with an upload.

Please remember to do the jessie-security first (built with -sa) and
then after ~20 minutes the wheezy-security one (explicitly without
-sa, and not including the orig source tarball; this is due to some
limitation in the archive software).

The upload needs to be signed by a a key in the DD keyring.

I will then wait for the builds and then take care of releasing the
packages with a DSA.

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #72 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Robie Basak <robie.basak@ubuntu.com>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 26 Jan 2016 18:36:06 +0000

[Message part 1 (text/plain, inline)]

Hi Salvatore,

On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> Thank you looks good to me.
> 
> I haven't seen the same for jessie, but assuming it is basically the
> same and matching what you showed me initially from git, let's go
> ahead with an upload.

FYI, we're still working on this. I've hit some kind of issue with my
build chroot that I created from scratch for this task, so I think it
may be a bug in sid somewhere. I'm investigating. I'd prefer to
understand the root cause so that I can be sure that we don't upload bad
binaries.

> Please remember to do the jessie-security first (built with -sa) and
> then after ~20 minutes the wheezy-security one (explicitly without
> -sa, and not including the orig source tarball; this is due to some
> limitation in the archive software).
> 
> The upload needs to be signed by a a key in the DD keyring.
> 
> I will then wait for the builds and then take care of releasing the
> packages with a DSA.

Ack.

Robie

[signature.asc (application/pgp-signature, inline)]

Message #77 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Robie Basak <robie.basak@ubuntu.com>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Tue, 26 Jan 2016 20:17:30 +0100

Hi Robie,

On Tue, Jan 26, 2016 at 06:36:06PM +0000, Robie Basak wrote:
> Hi Salvatore,
> 
> On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > Thank you looks good to me.
> > 
> > I haven't seen the same for jessie, but assuming it is basically the
> > same and matching what you showed me initially from git, let's go
> > ahead with an upload.
> 
> FYI, we're still working on this. I've hit some kind of issue with my
> build chroot that I created from scratch for this task, so I think it
> may be a bug in sid somewhere. I'm investigating. I'd prefer to
> understand the root cause so that I can be sure that we don't upload bad
> binaries.

Thanks for the status-update!

Regards,
Salvatore

Message #82 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Robie Basak <robie.basak@ubuntu.com>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 27 Jan 2016 17:10:58 +0000

[Message part 1 (text/plain, inline)]

Hi Salvatore,

On Tue, Jan 26, 2016 at 08:17:30PM +0100, Salvatore Bonaccorso wrote:
> On Tue, Jan 26, 2016 at 06:36:06PM +0000, Robie Basak wrote:
> > Hi Salvatore,
> > 
> > On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > > Thank you looks good to me.
> > > 
> > > I haven't seen the same for jessie, but assuming it is basically the
> > > same and matching what you showed me initially from git, let's go
> > > ahead with an upload.
> > 
> > FYI, we're still working on this. I've hit some kind of issue with my
> > build chroot that I created from scratch for this task, so I think it
> > may be a bug in sid somewhere. I'm investigating. I'd prefer to
> > understand the root cause so that I can be sure that we don't upload bad
> > binaries.
> 
> Thanks for the status-update!

Now uploaded. I took care to follow your instructions and the ones
listed at
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security
carefully. I expected email confirmations back but haven't received
anything. Can you check if it worked, please?

If anyone's interested, the reason for the delay was that debootstrap
1.0.76 regresses chroots created with mk-sbuild, so the chroots I
created to build were broken and causing build failures. I filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812811 and reverted
the offending commit locally to work around this.

A second issue is that parallel builds are broken in the packaging in
wheezy and jessie. These is fixed in testing. I thought it would be
quicker to work around for now by not parallel building rather than
delay further by attempting to cherry-pick the fix.

Robie

[signature.asc (application/pgp-signature, inline)]

Message #87 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Robie Basak <robie.basak@ubuntu.com>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 27 Jan 2016 19:15:24 +0100

[Message part 1 (text/plain, inline)]

Hi Robie,

On Wed, Jan 27, 2016 at 05:10:58PM +0000, Robie Basak wrote:
> Hi Salvatore,
> 
> On Tue, Jan 26, 2016 at 08:17:30PM +0100, Salvatore Bonaccorso wrote:
> > On Tue, Jan 26, 2016 at 06:36:06PM +0000, Robie Basak wrote:
> > > Hi Salvatore,
> > > 
> > > On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > > > Thank you looks good to me.
> > > > 
> > > > I haven't seen the same for jessie, but assuming it is basically the
> > > > same and matching what you showed me initially from git, let's go
> > > > ahead with an upload.
> > > 
> > > FYI, we're still working on this. I've hit some kind of issue with my
> > > build chroot that I created from scratch for this task, so I think it
> > > may be a bug in sid somewhere. I'm investigating. I'd prefer to
> > > understand the root cause so that I can be sure that we don't upload bad
> > > binaries.
> > 
> > Thanks for the status-update!
> 
> Now uploaded. I took care to follow your instructions and the ones
> listed at
> https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security
> carefully. I expected email confirmations back but haven't received
> anything. Can you check if it worked, please?

Yes the dak mails for security-master are only sent to the security
team. I can confirm that

mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed

and

mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed

The buildd have picked up the work and builds are coming in.

> If anyone's interested, the reason for the delay was that debootstrap
> 1.0.76 regresses chroots created with mk-sbuild, so the chroots I
> created to build were broken and causing build failures. I filed
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812811 and reverted
> the offending commit locally to work around this.
> 
> A second issue is that parallel builds are broken in the packaging in
> wheezy and jessie. These is fixed in testing. I thought it would be
> quicker to work around for now by not parallel building rather than
> delay further by attempting to cherry-pick the fix.

Thanks for this additional information.

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #92 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Robie Basak <robie.basak@ubuntu.com>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Wed, 27 Jan 2016 18:32:24 +0000

[Message part 1 (text/plain, inline)]

On Wed, Jan 27, 2016 at 07:15:24PM +0100, Salvatore Bonaccorso wrote:
> Yes the dak mails for security-master are only sent to the security
> team. I can confirm that
> 
> mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed
> 
> and
> 
> mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed
> 
> The buildd have picked up the work and builds are coming in.

Great. Thanks! Please let us know if we can help with anything else.

[signature.asc (application/pgp-signature, inline)]

Message #97 received at 811428@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Robie Basak <robie.basak@ubuntu.com>

Cc: Lars Tangvald <lars.tangvald@oracle.com>, 811428@bugs.debian.org, team@security.debian.org

Subject: Re: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

Date: Thu, 28 Jan 2016 07:22:36 +0100

Hi Robie,

On Wed, Jan 27, 2016 at 06:32:24PM +0000, Robie Basak wrote:
> On Wed, Jan 27, 2016 at 07:15:24PM +0100, Salvatore Bonaccorso wrote:
> > Yes the dak mails for security-master are only sent to the security
> > team. I can confirm that
> > 
> > mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed
> > 
> > and
> > 
> > mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed
> > 
> > The buildd have picked up the work and builds are coming in.
> 
> Great. Thanks! Please let us know if we can help with anything else.

Sure. At the moment nothing. The build on arm64, armel and armhf
failed for the jessie-build but I guess it's a transient issue (I have
given back those and now they are in building status).

Regards,
Salvatore

Message #102 received at 811428-close@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: 811428-close@bugs.debian.org

Subject: Bug#811428: fixed in mysql-5.5 5.5.47-0+deb8u1

Date: Fri, 29 Jan 2016 10:33:22 +0000

Source: mysql-5.5
Source-Version: 5.5.47-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811428@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Jan 2016 12:53:26 +0100
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.47-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Robie Basak <robie.basak@ubuntu.com>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite - MySQL testsuite
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 811428
Changes:
 mysql-5.5 (5.5.47-0+deb8u1) jessie-security; urgency=high
 .
   * Imported Upstream version 5.5.47 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
     - CVE-2016-0546 CVE-2016-0505 CVE-2016-0596 CVE-2016-0597 CVE-2016-0616
       CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609
     (Closes: #811428)
   * fix-test-suite-failure-caused-by-arbitrary-date-in-the-future-patch is no
     longer needed, as bug is fixed in new Upstream version
Checksums-Sha1:
 cde18199285354b1c21552f6f2d5dcd7973fefc0 3093 mysql-5.5_5.5.47-0+deb8u1.dsc
 bf13eb8130bdee223876555f11d5f9d6b1a13270 21187802 mysql-5.5_5.5.47.orig.tar.gz
 b2ae23f9738c4c22e5b987b047ffa5095477955b 231560 mysql-5.5_5.5.47-0+deb8u1.debian.tar.xz
 a189f84a0273b16eb8d509bec7e1b80f86c4358a 82630 mysql-common_5.5.47-0+deb8u1_all.deb
 fd0e11c873a9ce1190b355e3848f6058ae4a375b 80858 mysql-server_5.5.47-0+deb8u1_all.deb
 0db2f3e873c6b5dcdd33ae36ee51411b2e7e6359 80734 mysql-client_5.5.47-0+deb8u1_all.deb
 e55386b6cd739f111805f8df8930a735d25cf45a 80706 mysql-testsuite_5.5.47-0+deb8u1_all.deb
 9cad3e410e9157af8d04d3f7738c72a10c94c08f 675200 libmysqlclient18_5.5.47-0+deb8u1_amd64.deb
 ec7a48fedf0104a64f0ab8e5f91e2a76f3552a90 3274324 libmysqld-pic_5.5.47-0+deb8u1_amd64.deb
 4989d02ffe2122e071248f90e5ae1af84434f79f 3270734 libmysqld-dev_5.5.47-0+deb8u1_amd64.deb
 30b8e154f1413a77433e56d7cd56c592b7682bec 956624 libmysqlclient-dev_5.5.47-0+deb8u1_amd64.deb
 53bf3d96f697db713684e1ec836cce2ce5a1f44a 1678212 mysql-client-5.5_5.5.47-0+deb8u1_amd64.deb
 c8e1ef8c6d983cb17ae9ebad8cce31d8459c86ec 3353280 mysql-server-core-5.5_5.5.47-0+deb8u1_amd64.deb
 5f734b9437763572ac254e5c0d44dbec7a5897ff 2021732 mysql-server-5.5_5.5.47-0+deb8u1_amd64.deb
 73351b7d0aba5c47b466479576baf3c05009e84f 4406598 mysql-testsuite-5.5_5.5.47-0+deb8u1_amd64.deb
 4c6a25313e804b20450e8d45bfd732e374f961d0 23015812 mysql-source-5.5_5.5.47-0+deb8u1_amd64.deb
Checksums-Sha256:
 c7c8227bb219e45e749e5fcb2c6281cfdffe0a8a5d9ccbfadfba4c6c7f07a823 3093 mysql-5.5_5.5.47-0+deb8u1.dsc
 77d0997e7ef47885a6682888e6d1282419687d333b2bd2365cb909a089b8db7b 21187802 mysql-5.5_5.5.47.orig.tar.gz
 b255a74066a915dbb0b823cebbfb0f661e21361fb72cecba5e111afdbda0feef 231560 mysql-5.5_5.5.47-0+deb8u1.debian.tar.xz
 7041645ff7e20a7b3250afa0ffc8c7ea4e78bb1045820f5945820328eec70474 82630 mysql-common_5.5.47-0+deb8u1_all.deb
 6594990ad28cb07af0c6b3a4cce295c885b76c4d7faee1561b85cfeb2c531362 80858 mysql-server_5.5.47-0+deb8u1_all.deb
 399a2504b5bfe6204a8e309e08b9d37f11bec6bc036706b85f41d6204668d740 80734 mysql-client_5.5.47-0+deb8u1_all.deb
 d8347fc0fe2f040d37fd9fcc8fe0df3d15e10653651b3449de5b190a8eba69f5 80706 mysql-testsuite_5.5.47-0+deb8u1_all.deb
 5fcef91d976ca6cb31976bd83690bcead2e35a11451accde3b209facbfdcff3c 675200 libmysqlclient18_5.5.47-0+deb8u1_amd64.deb
 2d5819c873d2a036c5063896fa92183924914f98bda4300756ef7d4f9e20cc52 3274324 libmysqld-pic_5.5.47-0+deb8u1_amd64.deb
 af8bfdf0ec97d3824794d5a9040ae1698dd2085ca028c51a2be28cce6f0599ae 3270734 libmysqld-dev_5.5.47-0+deb8u1_amd64.deb
 55fca6913159033aa02bf41904e5bf99a888f62a15ae25b283d5ad5e1f0fd3ff 956624 libmysqlclient-dev_5.5.47-0+deb8u1_amd64.deb
 92baf8838fd02bfb84d9d2db34b24502d4b16c05c9ee5e6257cdbc2e67b86af0 1678212 mysql-client-5.5_5.5.47-0+deb8u1_amd64.deb
 1169d6f86b3624e324fe749b744acbe75ed00c6ee60aa5d5bc0f9cf78ce520a8 3353280 mysql-server-core-5.5_5.5.47-0+deb8u1_amd64.deb
 a14abca032d736f21ebcaa5f2998c2b9dd2dc28a62131ea99fa0bace76115d0f 2021732 mysql-server-5.5_5.5.47-0+deb8u1_amd64.deb
 e5a851bbe4ff947d17a81f5ccc8257f10c7924a7e3fc4e89ac55a7f773de39de 4406598 mysql-testsuite-5.5_5.5.47-0+deb8u1_amd64.deb
 86e02b1049aa3b8a2b494bfccf2c5ae3e4a899375a7577fe5622e8f142d63e2a 23015812 mysql-source-5.5_5.5.47-0+deb8u1_amd64.deb
Files:
 454c57e0e98567866c2e6b6a4a819b9f 3093 database optional mysql-5.5_5.5.47-0+deb8u1.dsc
 cdeaa30303bca9c8361137b719ba7f3c 21187802 database optional mysql-5.5_5.5.47.orig.tar.gz
 cf47c349257aaafbcd44e54319b2ceef 231560 database optional mysql-5.5_5.5.47-0+deb8u1.debian.tar.xz
 6670bbb9a0e6f538772a413e10c3a751 82630 database optional mysql-common_5.5.47-0+deb8u1_all.deb
 4d3674bff60fd3bded399a4bde155a91 80858 database optional mysql-server_5.5.47-0+deb8u1_all.deb
 d817bd6edca0d348f3e44e1c27981606 80734 database optional mysql-client_5.5.47-0+deb8u1_all.deb
 672e07f2604ce3410cc37695078b6d88 80706 database optional mysql-testsuite_5.5.47-0+deb8u1_all.deb
 82e76d46faad86f9a8e067ac3ded47bc 675200 libs optional libmysqlclient18_5.5.47-0+deb8u1_amd64.deb
 079988389d1fb26ad2b8a32c2719ab74 3274324 libdevel optional libmysqld-pic_5.5.47-0+deb8u1_amd64.deb
 d8c479183d519263412d7d8010cfc348 3270734 libdevel optional libmysqld-dev_5.5.47-0+deb8u1_amd64.deb
 2b15f60676672d05abd7f71405ca1f35 956624 libdevel optional libmysqlclient-dev_5.5.47-0+deb8u1_amd64.deb
 8e0107c95b48f1e3d8264f4b9b7ac886 1678212 database optional mysql-client-5.5_5.5.47-0+deb8u1_amd64.deb
 99607fe925da70a1a8f38424b540ed2d 3353280 database optional mysql-server-core-5.5_5.5.47-0+deb8u1_amd64.deb
 3a1c4329b2e687b545798a2a424bd1a0 2021732 database optional mysql-server-5.5_5.5.47-0+deb8u1_amd64.deb
 a620e7b7a9ef8e69a04079a7d630c541 4406598 database optional mysql-testsuite-5.5_5.5.47-0+deb8u1_amd64.deb
 89013cd03b5d936e44cd1be487b3460b 23015812 database optional mysql-source-5.5_5.5.47-0+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWqNJnAAoJEL/srsug59jDRJ4QAKGt1smjMCVZcbeXdVWYOMwY
Pz3Ff8eyYn0FHeQcgWW+DkzizIV7B7LUC8glPFPDM1c4q3iTXu6L4h+7kFan6+/B
flf3g4vFXvFbTw+WTJgqOdOGVuWbLLDhcG2CS+vMlnkgiDO7oTcOVngOxJai+/hn
KkEDADVvrQAzRZaPwMwyRJsFkz3+owX2P8SE/I6TvwOrZ7dvrRU+0DZuEB/o522G
mmJXfuJp9jWr7yiuOSvpzeXFmMRzUNeJItY+PEgZ5w4gCqIuWRr202nRB2doZa5s
n+HeCNfCXN4p4OYQgr63i4ZuXlVmlRnmL7RBGDiaZlL1W9Z61Xb9vMMWpfTOixr7
j18v0xMxObJ4famC+JXxsd3Y9MKhowYBrdOegog4NCTHSJrNbhbcJycosyynAN9p
v5akIjiCt/chI5onssIIRBZKx1DPeIkAaNFdV19hQX9s4QsgxMDTQ31d7DpwCBje
NnQ8/B/z6Hk2eLt/oET/8RNtDbCFaEZesZagx+zYF2widV9higf7nDDmXhi1AOSb
2UgOhBd028UTVQzwtLhhLFf70MjWYTlXPz/5XVcgbaQy12QPIR6ksg+4N1I5wcOy
AEXNEZlPiL9DLjgWOsgJG2cZMq/ywnpJ99FNjVMf8nIfbzzm+DEOot82k2B4cBqe
aU3dCh4vXX3AgnQG3D88
=aOAT
-----END PGP SIGNATURE-----

Message #107 received at 811428-close@bugs.debian.org (full text, mbox, reply):

From: Lars Tangvald <lars.tangvald@oracle.com>

To: 811428-close@bugs.debian.org

Subject: Bug#811428: fixed in mysql-5.5 5.5.47-0+deb7u1

Date: Sun, 31 Jan 2016 18:03:25 +0000

Source: mysql-5.5
Source-Version: 5.5.47-0+deb7u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811428@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Jan 2016 12:53:26 +0100
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.47-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Robie Basak <robie.basak@ubuntu.com>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 811428
Changes: 
 mysql-5.5 (5.5.47-0+deb7u1) wheezy-security; urgency=high
 .
   * Imported Upstream version 5.5.47 to fix security issues:
     - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
     - CVE-2016-0546 CVE-2016-0505 CVE-2016-0596 CVE-2016-0597 CVE-2016-0616
       CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609
     (Closes: #811428)
   * fix-test-suite-failure-caused-by-arbitrary-date-in-the-future-patch is no
     longer needed, as bug is fixed in new Upstream version
Checksums-Sha1: 
 3378bbeba74b64ecb6bf24266b699d39796caaec 2934 mysql-5.5_5.5.47-0+deb7u1.dsc
 f0e0ba8000406794b4d442ea13cbde17a4189df6 376425 mysql-5.5_5.5.47-0+deb7u1.debian.tar.gz
 d224d5826e2dcad74ad1de17ce0a4c35c54c65cb 81870 mysql-common_5.5.47-0+deb7u1_all.deb
 c0f021d211cb3f97dd7f02f1f303bc15942b58ab 80100 mysql-server_5.5.47-0+deb7u1_all.deb
 12f4a2c02a407a96e5ffed7756eff5b9648dc613 79990 mysql-client_5.5.47-0+deb7u1_all.deb
 f5312be19b9f61eb252322d91881ecbb58adb4e3 685808 libmysqlclient18_5.5.47-0+deb7u1_amd64.deb
 575cb057c3c52865e5b23a79bf9219c8d1baf9ba 3183952 libmysqld-pic_5.5.47-0+deb7u1_amd64.deb
 f56d60df4ccdd1da8b717c7fe4a6953bee599edd 3181404 libmysqld-dev_5.5.47-0+deb7u1_amd64.deb
 ecfa1f61c618786c9e9ad7abb5b28836b9bbf077 956880 libmysqlclient-dev_5.5.47-0+deb7u1_amd64.deb
 d45656dcfa9d1351ec15c11874bb96e9da7fb9f1 1755108 mysql-client-5.5_5.5.47-0+deb7u1_amd64.deb
 997f0d7464910f710f898aecf8128a353c06870c 3406104 mysql-server-core-5.5_5.5.47-0+deb7u1_amd64.deb
 bfdde3b2610c8ddf66ff3d9dfeea63c39e44f0d3 2106068 mysql-server-5.5_5.5.47-0+deb7u1_amd64.deb
 9319939fef830cbed7094082b7d47d5839b2127e 4390850 mysql-testsuite-5.5_5.5.47-0+deb7u1_amd64.deb
 5aca6f2de537810732434ca086a41406c70cfeb5 23010340 mysql-source-5.5_5.5.47-0+deb7u1_amd64.deb
Checksums-Sha256: 
 d569b6f072fde7f88fc680d98d8939ce72196d9e6a1b055f368b8d84273c1982 2934 mysql-5.5_5.5.47-0+deb7u1.dsc
 03fe216a446bfec3fc642514aa79eb8ade292ab9b8164e5a127b80427e5e201e 376425 mysql-5.5_5.5.47-0+deb7u1.debian.tar.gz
 64eaed72223c379fa558889963a2adf7f5a692b09c180cabaf1942b5380aa03f 81870 mysql-common_5.5.47-0+deb7u1_all.deb
 5ffa3d5e93bdbc87bd8a7e61e3ebbe7c80bf6c174844f683cc1f244942acdc95 80100 mysql-server_5.5.47-0+deb7u1_all.deb
 d6e04249eb5d271b36ade565e93bb9e58a8bf7949c7bea314615d5641b9a01c4 79990 mysql-client_5.5.47-0+deb7u1_all.deb
 37624eae37ae682e2a8b5144ad712b11f04306b886710b67433604ee3a45c654 685808 libmysqlclient18_5.5.47-0+deb7u1_amd64.deb
 4d17b3d9fc08173a6223e5aa7260731e1a1c970ed547ed453745330145735542 3183952 libmysqld-pic_5.5.47-0+deb7u1_amd64.deb
 416b9416e94d7f9ee11b72e945e786f34d21a59f6d7b6a292c4e04458d14cc35 3181404 libmysqld-dev_5.5.47-0+deb7u1_amd64.deb
 62b0d1ade0fee1d8b7107bd2fe6d48a0f3e8bdae6de4665eeeb4794ad6c9b8dc 956880 libmysqlclient-dev_5.5.47-0+deb7u1_amd64.deb
 f1b6987a7f9e69e6f322a40144c73b2c3b0d9fd991bc367e331724e9752b1f5f 1755108 mysql-client-5.5_5.5.47-0+deb7u1_amd64.deb
 6a5920d9eb1f76795ed06fde82a425ca3061f311042200216273a197df924993 3406104 mysql-server-core-5.5_5.5.47-0+deb7u1_amd64.deb
 892bae40ca244de184fd388167e599a99ad0b73f650d33d2238a315a8e6556c4 2106068 mysql-server-5.5_5.5.47-0+deb7u1_amd64.deb
 48f0ad7b778d0905d0f994f1184af46c301c796481752123d4c5ce3d4821ca1d 4390850 mysql-testsuite-5.5_5.5.47-0+deb7u1_amd64.deb
 586b96f73c7c362593a3e98c30f5f8c7410f94bbb3435b5becaa9829c5aa84fe 23010340 mysql-source-5.5_5.5.47-0+deb7u1_amd64.deb
Files: 
 48c188a3e65f257316467e1fd067b225 2934 database optional mysql-5.5_5.5.47-0+deb7u1.dsc
 1faf2f03803d7432dcf99b7eea73e764 376425 database optional mysql-5.5_5.5.47-0+deb7u1.debian.tar.gz
 59a40574f4406de41fa1ad22b1025fc5 81870 database optional mysql-common_5.5.47-0+deb7u1_all.deb
 a23f75b32b6e2dc1c4700a60e3330ffd 80100 database optional mysql-server_5.5.47-0+deb7u1_all.deb
 015ef0fdcd5c26be51ef9b33fa3d1cd6 79990 database optional mysql-client_5.5.47-0+deb7u1_all.deb
 2d52473c63226529c3139c180e75f2ce 685808 libs optional libmysqlclient18_5.5.47-0+deb7u1_amd64.deb
 395d30008965f73367dc5a28e98232cc 3183952 libdevel optional libmysqld-pic_5.5.47-0+deb7u1_amd64.deb
 86dc90e326c5ea0cbd67355932a01222 3181404 libdevel optional libmysqld-dev_5.5.47-0+deb7u1_amd64.deb
 73bcf0acdc82056f2edf075d8cf00325 956880 libdevel optional libmysqlclient-dev_5.5.47-0+deb7u1_amd64.deb
 f5442d3dd6a8fb72fc877d54763fb359 1755108 database optional mysql-client-5.5_5.5.47-0+deb7u1_amd64.deb
 7455e0a5eb659876139089897f100718 3406104 database optional mysql-server-core-5.5_5.5.47-0+deb7u1_amd64.deb
 be71121597f2a19f1b11c8692c939e42 2106068 database optional mysql-server-5.5_5.5.47-0+deb7u1_amd64.deb
 5bd0e233636cfcb2486d477ca9dd998d 4390850 database optional mysql-testsuite-5.5_5.5.47-0+deb7u1_amd64.deb
 f1da273780469ba7effd69bc2be7ac5d 23010340 database optional mysql-source-5.5_5.5.47-0+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWq3ulAAoJEAVMuPMTQ89EiDcQAJHgSjeDmRSgLN4FExYVSdr0
AHTIxNrU0ojzOSAKTHE7xMjWVG2Dbue6NDZztUGMTuNsy+Y3mtZAMQLwITkuh8SZ
zUI+WpdmgFpyMi2jxuNnS/jgScorvnT5eEXYbTTGhZpPniPTmMNwiQfGbXtkTPmA
jcLtIhzxK1bmOLc+JozA8IdPKUkS+HhW2d6iN9CarW9+9NM6JkGGac9CMm0bdVPs
DKKl5xUC8OEHKbR8IUUQIU76SPUa4SvFSy2LTyyoZ6mDeMXpEPmIDpCaU5M+2Cpn
Z6zoiwiTDG69n99I+ifPNp3RvTYp7uegPhF7/FHjdXbXXKIMhQzK0Zxl8hJ7lMXd
FkEJ2/MByiCkzdBWCrneY41yIgvvEbdzV9Qx9wxd6H6/kVDPmfuQZJOLycKBWm2h
kcNx8oMsS9b9YWzmlJFzUcmp+4wL3ET/h41nY6nftYDEUlJdtnZLHL7zyaFuvASQ
zdRZZM1iE+bTgqZr/l3FxDX3IsJzuwSdp8SdXALWZ9Kp+vyNYshmXSB1gQ+4ohJL
YRnJCerCigmuCC5AYguAqlyJ2Obq12YKRPu2AOBBYxgEM7Tv5QZ+Za5csEAMiViO
7tW0apgETTLYy93nrHwifqEz31O5JcZob/3WYN0qWiMhqcMzyrfu3a4XEUCPJGYd
4xJB2z7+mFbcjFxiB9RY
=SUmG
-----END PGP SIGNATURE-----

Message #112 received at 811428-close@bugs.debian.org (full text, mbox, reply):

From: Santiago Ruano Rincón <santiagorr@riseup.net>

To: 811428-close@bugs.debian.org

Subject: Bug#811428: fixed in mysql-5.5 5.5.47-0+deb6u1

Date: Sun, 31 Jan 2016 22:34:20 +0000

Source: mysql-5.5
Source-Version: 5.5.47-0+deb6u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811428@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiagorr@riseup.net> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Jan 2016 06:41:35 +0100
Source: mysql-5.5
Binary: libmysqlclient18 mysql-common-5.5 mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.47-0+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description: 
 libmysqlclient18 - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common-5.5 - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 811428
Changes: 
 mysql-5.5 (5.5.47-0+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Merged from package proposed for wheezy by
     Lars Tangvald <lars.tangvald@oracle.com>
   * New upstream version that fixes the following issues:
     - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
     - CVE-2016-0546 CVE-2016-0505 CVE-2016-0596 CVE-2016-0597 CVE-2016-0616
       CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609
     (Closes: #811428)
   * fix-test-suite-failure-caused-by-arbitrary-date-in-the-future-patch is no
     longer needed, as bug is fixed in new Upstream version
Checksums-Sha1: 
 4a3607664badc2199cf3491db39cf917d0643915 2368 mysql-5.5_5.5.47-0+deb6u1.dsc
 bf13eb8130bdee223876555f11d5f9d6b1a13270 21187802 mysql-5.5_5.5.47.orig.tar.gz
 ca60ef45d7e73bafcee666de647abdc07ebfa97d 384900 mysql-5.5_5.5.47-0+deb6u1.debian.tar.gz
 9226936d229ba05f08363b46fe1591509fa2516f 82196 mysql-common-5.5_5.5.47-0+deb6u1_all.deb
 426818868fb0df96b99abfbe030014c3732dd96d 80360 mysql-server_5.5.47-0+deb6u1_all.deb
 2d8e3649596aba0fb05348ea7f318a338d5f3557 80246 mysql-client_5.5.47-0+deb6u1_all.deb
 5ccb7fea30c66f53dd6b34f22dbcdb360ca1da9b 683580 libmysqlclient18_5.5.47-0+deb6u1_amd64.deb
 3dd46597f68a6268b16741ea64003616f8757067 1750522 mysql-client-5.5_5.5.47-0+deb6u1_amd64.deb
 8065858445426a35f226ac8bcd42c9474246bf4c 3430020 mysql-server-core-5.5_5.5.47-0+deb6u1_amd64.deb
 239d635f8576deb4a98863c02b57e032fe5ae00a 1942608 mysql-server-5.5_5.5.47-0+deb6u1_amd64.deb
 e062e5846da3ef8c3bf8ef3fdba7778c100fdcff 4288898 mysql-testsuite-5.5_5.5.47-0+deb6u1_amd64.deb
 f42242356ad2cc2535849c2d75245bf59e0c4823 22964454 mysql-source-5.5_5.5.47-0+deb6u1_amd64.deb
Checksums-Sha256: 
 54bdfc5787ab1bbc746947269efd1a598b3eeba8d18d3a097374f338b28c9906 2368 mysql-5.5_5.5.47-0+deb6u1.dsc
 77d0997e7ef47885a6682888e6d1282419687d333b2bd2365cb909a089b8db7b 21187802 mysql-5.5_5.5.47.orig.tar.gz
 b45bcd5d36d22d5a733d61cdbd2a5a860af50853b519140d07909e539d51c3cf 384900 mysql-5.5_5.5.47-0+deb6u1.debian.tar.gz
 7a64f56c24d86a1a4b6b205c36c1c513bf4543d77d5afa57dbdc3d91049c9a08 82196 mysql-common-5.5_5.5.47-0+deb6u1_all.deb
 ac028d739e18e731a61c713e1a0aae2d1cfe83d33e6631f6bca75f5a1ed78d32 80360 mysql-server_5.5.47-0+deb6u1_all.deb
 89fdf48cf752ce0587d1f9d7a481d2e864d4a96b15dae6bb973cc3c5e8c53143 80246 mysql-client_5.5.47-0+deb6u1_all.deb
 201fc24a044a08d9409d697e6128f43be23f4781ea70444a173224d2ba101f1f 683580 libmysqlclient18_5.5.47-0+deb6u1_amd64.deb
 bc1a15c03045cbfc1fc4a7156e49d116df7e8c7af35bdbd6fc1ebd601fb1d090 1750522 mysql-client-5.5_5.5.47-0+deb6u1_amd64.deb
 8706ebc260d3f38f6dfae75fc03cadc1810c5039bce8400654edd004d3c75bab 3430020 mysql-server-core-5.5_5.5.47-0+deb6u1_amd64.deb
 07b27e9c5f759d06dede4935d6017d14268d95757c1561f98164681193490e32 1942608 mysql-server-5.5_5.5.47-0+deb6u1_amd64.deb
 a07682c369f31fa0a5ef1f390cfb19c273c5f5603fd8a1801bb419987c033775 4288898 mysql-testsuite-5.5_5.5.47-0+deb6u1_amd64.deb
 c37ecf60a051b23c079b9f2dbb2082a4f0d45c923c0012cd55677d71e49feb54 22964454 mysql-source-5.5_5.5.47-0+deb6u1_amd64.deb
Files: 
 d5f70d0ec33d49c7b7e27a8a350e60bd 2368 database optional mysql-5.5_5.5.47-0+deb6u1.dsc
 cdeaa30303bca9c8361137b719ba7f3c 21187802 database optional mysql-5.5_5.5.47.orig.tar.gz
 565d4a3d794dd523f61843cde1360c4b 384900 database optional mysql-5.5_5.5.47-0+deb6u1.debian.tar.gz
 0a74f209433d4ac8086e63be2c40b11e 82196 database optional mysql-common-5.5_5.5.47-0+deb6u1_all.deb
 29a991c691d58aecb4647c056e32a49c 80360 database optional mysql-server_5.5.47-0+deb6u1_all.deb
 2c138fb23d332006f823e9c4204f8c16 80246 database optional mysql-client_5.5.47-0+deb6u1_all.deb
 9e7365364f4bb8ca424e1aa2ae372561 683580 libs optional libmysqlclient18_5.5.47-0+deb6u1_amd64.deb
 13775c37d3a281abf83643f82820d43d 1750522 database optional mysql-client-5.5_5.5.47-0+deb6u1_amd64.deb
 5887d6c85204a89ec843c6765d3227f1 3430020 database optional mysql-server-core-5.5_5.5.47-0+deb6u1_amd64.deb
 55f55ba4a9159dfc4c2ecb55edee0efb 1942608 database optional mysql-server-5.5_5.5.47-0+deb6u1_amd64.deb
 76565d90229b0241cc6a53add19cf1a3 4288898 database optional mysql-testsuite-5.5_5.5.47-0+deb6u1_amd64.deb
 371878c910760e2580c6468c76ce7357 22964454 database optional mysql-source-5.5_5.5.47-0+deb6u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWrntXAAoJEN5v/bjI1ki97F8P/1r0AvqNAKHnGRfgIz6NtCJr
r/9SP3pjBEWqI7ujfJLSWCSxb34ZvjAk/BGFaH2+WsrD6lWQ1u1/w4D0Bgi6ywNx
DTOxzs9y06brWIgHNENHiuOnZKPlV1b4r1Qj3vpZdpCy5cu/V7ghmqPv4LClc7sO
RdlyDEUB57+Kc9P5DEUNBDA/EQWtIeimNpOPBqnSpyNu6YLrOz+X6m65yU5ZYkTy
5wmUMBzhXTaTttZksilDpwcYznuhV8WEWqyjrDNfUDQH18Ho1P7v+kMoksmLEAnD
a65/Nu+4Wee4rcUCLW+6Ikn+jdYmZfLgoXV0ro68gc6sa0Nsr2yTqdNqnu6cs88C
Pe07iS3isWJoNZ9mYkngIACaLsMCH4AvHlakkyBkI95IhbYK10xGyio+jb+SHQ3w
CDUg35m8oCTld8ZUy/Lr8EKHMZCte5x7O4RszwTIYw1NdWDH70NbaXeV5TOySD5Y
YDzvVinoMB/9hBtWvGtPC8E7BLiQ+CpeP4lYo00qb3V8awFZxlHq36QzQYbfbnCZ
t5zlU7nuT1FPD91Jl9PA0O738nLJ5NsCQCa/SAnmmMKSl6gcN4nt9kmDFmquZC9m
rzNTKp5fhF/U3twSS90YHo/pn4zFxDvF+Pz6tc0J0soDuRlh03FqL0rJFYewfSgE
VhW/9mYgAOdqA4Kr6NGp
=F2up
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.