[debian-mysql] Bug#682210: CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689

Moritz Muehlenhoff muehlenhoff at univention.de
Fri Jul 20 10:17:16 UTC 2012


Package: mysql-5.5
Severity: grave
Tags: security

New MySQL security round:

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

CVE#           Component     Protocol        Sub-component     Remote Exploit without Auth.?  Base Score  Access Vector  Access Complexity  Authentication  Confidentiality  Integrity  Availability  Supported Versions Affected
CVE-2012-1735  MySQL Server  MySQL Protocol  Server Optimizer  No                             6.8         Network        Low                Single          None             None       Complete      5.5.23 and earlier
CVE-2012-0540  MySQL Server  MySQL Protocol  GIS Extension     No                             4.0         Network        Low                Single          None             None       Partial+      5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1757  MySQL Server  MySQL Protocol  InnoDB            No                             4.0         Network        Low                Single          None             None       Partial+      5.5.23 and earlier
CVE-2012-1756  MySQL Server  MySQL Protocol  Server            No                             4.0         Network        Low                Single          None             None       Partial+      5.5.23 and earlier
CVE-2012-1734  MySQL Server  MySQL Protocol  Server Optimizer  No                             4.0         Network        Low                Single          None             None       Partial+      5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1689  MySQL Server  MySQL Protocol  Server Optimizer  No                             4.0         Network        Low                Single          None             None       Partial+      5.1.62 and earlier, 5.5.22 and earlier

The advisory is confusing; I'm not sure which upstream version fixes these
issues. I'm afraid we'll have to update to a new upstream, though.

Maybe we can switch to a FLOSS-friendly fork like MariaDB after the Wheezy
release...

Cheers,
        Moritz


