Security fixes from the April 2017 CPU

Debian Bug report logs - #860547

Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>

Date: Tue, 18 Apr 2017 11:51:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mysql-5.7/5.7.17-1

Fixed in version mysql-5.7/5.7.18-1

Done: Lars Tangvald <lars.tangvald@oracle.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#860547; Package src:mysql-5.7. (Tue, 18 Apr 2017 11:51:03 GMT)


Acknowledgement sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Tue, 18 Apr 2017 11:51:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
To: submit@bugs.debian.org
Subject: Security fixes from the April 2017 CPU
Date: Tue, 18 Apr 2017 13:26:33 +0200
Source: mysql-5.7
Version: 5.7.17-1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for April 2017 will be released on  
Tuesday, April 18. According to the pre-release announcement [1], it  
will contain information about CVEs fixed in MySQL 5.7.18.

The CVE numbers will be available when the CPU is released.

Please note that the MySQL release cycle has changed from every two
months to every three months. The releases are now synchronized with
the CPU announcements.

Best regards,

Norvald H. Ryeng

[1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html



Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#860547; Package src:mysql-5.7. (Wed, 19 Apr 2017 05:39:04 GMT)


Acknowledgement sent to Lars Tangvald <lars.tangvald@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Wed, 19 Apr 2017 05:39:04 GMT)


Message #10 received at 860547@bugs.debian.org:

From: Lars Tangvald <lars.tangvald@oracle.com>
To: <860547@bugs.debian.org>
Subject: Re: [debian-mysql] Bug#860547: Security fixes from the April 2017 CPU
Date: Tue, 18 Apr 2017 22:34:45 -0700 (PDT)

CVE List for 5.7:

CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3331
CVE-2017-3450
CVE-2017-3453
CVE-2017-3454
CVE-2017-3455
CVE-2017-3456
CVE-2017-3457
CVE-2017-3458
CVE-2017-3459
CVE-2017-3460
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3465
CVE-2017-3467
CVE-2017-3468
CVE-2017-3599
CVE-2017-3600

--
Lars



Reply sent to Lars Tangvald <lars.tangvald@oracle.com>:
You have taken responsibility. (Wed, 26 Apr 2017 15:09:17 GMT)


Notification sent to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>:
Bug acknowledged by developer. (Wed, 26 Apr 2017 15:09:17 GMT)


Message #15 received at 860547-close@bugs.debian.org:

From: Lars Tangvald <lars.tangvald@oracle.com>
To: 860547-close@bugs.debian.org
Subject: Bug#860547: fixed in mysql-5.7 5.7.18-1
Date: Wed, 26 Apr 2017 15:07:33 +0000
Source: mysql-5.7
Source-Version: 5.7.18-1

We believe that the bug you reported is fixed in the latest version of
mysql-5.7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860547@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald <lars.tangvald@oracle.com> (supplier of updated mysql-5.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Apr 2017 07:23:52 +0200
Source: mysql-5.7
Binary: libmysqlclient20 libmysqld-dev libmysqlclient-dev mysql-client-core-5.7 mysql-client-5.7 mysql-server-core-5.7 mysql-server-5.7 mysql-server mysql-client mysql-testsuite mysql-testsuite-5.7 mysql-source-5.7
Architecture: source amd64 all
Version: 5.7.18-1
Distribution: unstable
Urgency: high
Maintainer: Robie Basak <robie.basak@ubuntu.com>
Changed-By: Lars Tangvald <lars.tangvald@oracle.com>
Description:
 libmysqlclient-dev - MySQL database development files
 libmysqlclient20 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.7 - MySQL database client binaries
 mysql-client-core-5.7 - MySQL database core client binaries
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.7 - MySQL database server binaries and system database setup
 mysql-server-core-5.7 - MySQL database server binaries
 mysql-source-5.7 - MySQL source
 mysql-testsuite - MySQL regression tests
 mysql-testsuite-5.7 - MySQL 5.7 testsuite
Closes: 844275 860547
Changes:
 mysql-5.7 (5.7.18-1) unstable; urgency=high (security fixes)
 .
   [ Lars Tangvald ]
   * Imported upstream version 5.7.18 to fix security issues:
     - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
     - CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3331
     - CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455
     - CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459
     - CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463
     - CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468
     - CVE-2017-3599 CVE-2017-3600
     (Closes: #860547)
   * d/patches: Dropped fixes that are applied upstream
     - fix_test_events_2
     - fix_mysql_config_flags
     (Closes: #844275)
   * Add connection_control plugin (LP: #1633485)
     This is a security-enhancing plugin (disabled by default)
     that enables rate limiting of connection attempts
     https://dev.mysql.com/doc/refman/5.7/en/connection-control-plugin.html
   * d/server-core.install: Remove my-default.cnf
     The config file has not been maintained in a long time, and would
     cause errors if used with a 5.7 server. Removed from build by upstream
 .
   [ Robie Basak ]
   * Drop innotop
     The bundled innotop util was not maintained. For details, see:
     http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/2017-January/010180.html





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 25 May 2017 07:26:29 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:30:16 2019; Machine Name: buxtehude