[debian-mysql] Bug#659687: Multiple security issues

Jonathan Aquilina eagles051387 at gmail.com
Tue Feb 14 09:58:09 UTC 2012


I know you all are worried about these security issues. I spoke to some
devs that work for Oracle, and they say that these security are of utmost
importance to get fixed, and a patch version will be released as soon as
the flaws have been patch. It seems that upstream is aware of these issues
that at this point its just a waiting game for upstream oracle.

On Tue, Feb 14, 2012 at 3:14 AM, Clint Byrum <clint at ubuntu.com> wrote:

> Excerpts from Moritz Muehlenhoff's message of Mon Feb 13 00:15:43 -0800
> 2012:
> > Package: mysql-5.1
> > Severity: grave
> > Tags: security
> >
> > Multiple security issues have been announced in MySQL:
> >
> http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixMSQL
> >
> > Unfortunately Oracle refuses to release specific information, which
> allow isolating
> > security fixes. As such, we should proceed by releasing 5.1.61 in
> stable-security.
> >
>
> Agreed, I doubt we will be able to find and patch everything.
>
> > MySQL 5.5 from experimental is affected as well. Do you plan to have 5.5
> replace
> > 5.1 for Wheezy?
>
> Yes, there's a tentative 5.5.20 in the svn repository for
> experimental. Once the discussion about whether to continue on with
> MySQL upstream is made, I figure we'll either start a transition, or
> push 5.5.20 into unstable. The CVE doesn't say what version of 5.5 is
> affected, but 5.5.20 is still the highest one on dev.mysql.com.
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
>



-- 
Jonathan Aquilina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120214/83b8e6da/attachment.html>


More information about the pkg-mysql-maint mailing list