[debian-mysql] Bug#659687: Multiple security issues
Clint Byrum
clint at ubuntu.com
Tue Feb 14 02:14:49 UTC 2012
Excerpts from Moritz Muehlenhoff's message of Mon Feb 13 00:15:43 -0800 2012:
> Package: mysql-5.1
> Severity: grave
> Tags: security
>
> Multiple security issues have been announced in MySQL:
> http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixMSQL
>
> Unfortunately Oracle refuses to release specific information, which allow isolating
> security fixes. As such, we should proceed by releasing 5.1.61 in stable-security.
>
Agreed, I doubt we will be able to find and patch everything.
> MySQL 5.5 from experimental is affected as well. Do you plan to have 5.5 replace
> 5.1 for Wheezy?
Yes, there's a tentative 5.5.20 in the svn repository for
experimental. Once the discussion about whether to continue on with
MySQL upstream is made, I figure we'll either start a transition, or
push 5.5.20 into unstable. The CVE doesn't say what version of 5.5 is
affected, but 5.5.20 is still the highest one on dev.mysql.com.
More information about the pkg-mysql-maint
mailing list