Debian Bug report logs -
#687484
CVE-2012-4414: SQL injection
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 13 Sep 2012 08:06:01 UTC
Severity: grave
Tags: security
Found in version 5.1.66-0+squeeze1
Fixed in versions 5.1.72-1, 5.5.29+dfsg-1
Done: Henri Salo <henri@nerv.fi>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#687484
; Package mysql-5.1
.
(Thu, 13 Sep 2012 08:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Thu, 13 Sep 2012 08:06:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mysql-5.1
Severity: grave
Tags: security
Justification: user security hole
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4414 for details
and patches.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#687484
; Package mysql-5.1
.
(Tue, 30 Sep 2014 06:21:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Tue, 30 Sep 2014 06:21:10 GMT) (full text, mbox, link).
Message #10 received at 687484@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What is current status of CVE-2012-4414? Information about the issue in
http://www.openwall.com/lists/oss-security/2012/09/11/4
Marked as grave and security without any comments from maintainers. Plans to
patch this issue? If not could you please give reasoning, thank you.
- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQqS24ACgkQXf6hBi6kbk/cCQCdGwbC8Tk1kzx1Mjg5OHDAp7wI
KcwAn0NnXCiW/G9CuOQGMRk2xUODZAtm
=zrVO
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#687484
; Package mysql-5.1
.
(Tue, 30 Sep 2014 07:12:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Arnaud Fontaine <arnau@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Tue, 30 Sep 2014 07:12:05 GMT) (full text, mbox, link).
Message #15 received at 687484@bugs.debian.org (full text, mbox, reply):
Henri Salo <henri@nerv.fi> writes:
> What is current status of CVE-2012-4414? Information about the issue in
> http://www.openwall.com/lists/oss-security/2012/09/11/4
>
> Marked as grave and security without any comments from maintainers. Plans to
> patch this issue? If not could you please give reasoning, thank you.
I think this bug only affects squeeze (oldstable) which reached its EOL
and is now only supported by volunteers as part of the Debian-LTS
project so you should probably get in touch with them:
https://wiki.debian.org/LTS
Cheers,
--
Arnaud Fontaine
Marked as fixed in versions 5.5.29+dfsg-1.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org
.
(Tue, 30 Sep 2014 08:39:04 GMT) (full text, mbox, link).
Marked as fixed in versions 5.1.72-1.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org
.
(Tue, 30 Sep 2014 08:45:14 GMT) (full text, mbox, link).
Marked as found in versions 5.1.66-0+squeeze1.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org
.
(Tue, 30 Sep 2014 08:48:30 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#687484
; Package mysql-5.1
.
(Tue, 30 Sep 2014 09:21:05 GMT) (full text, mbox, link).
Acknowledgement sent
to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Tue, 30 Sep 2014 09:21:05 GMT) (full text, mbox, link).
Message #26 received at 687484@bugs.debian.org (full text, mbox, reply):
On Tue, 30 Sep 2014 08:19:26 +0200, Henri Salo <henri@nerv.fi> wrote:
> What is current status of CVE-2012-4414? Information about the issue in
> http://www.openwall.com/lists/oss-security/2012/09/11/4
>
> Marked as grave and security without any comments from maintainers.
> Plans to
> patch this issue? If not could you please give reasoning, thank you.
This issue was fixed as CVE-2013-0375 in MySQL 5.1.67 and 5.5.29 [1].
CVE-2013-0375 and CVE-2012-4414 are equivalent.
Regards,
Norvald H. Ryeng
[1]
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL
Reply sent
to Henri Salo <henri@nerv.fi>
:
You have taken responsibility.
(Tue, 30 Sep 2014 11:45:17 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Tue, 30 Sep 2014 11:45:17 GMT) (full text, mbox, link).
Message #31 received at 687484-close@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Closing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQqlq8ACgkQXf6hBi6kbk9PFQCZAQISjF/oJq58OsdBGxBZze6B
GgcAnA5MewxeLwApOlq56l+N0wrazsX+
=aeWF
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 29 Oct 2014 07:35:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:19:11 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.