[debian-mysql] Bug#682210: CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689
Moritz Muehlenhoff
muehlenhoff at univention.de
Fri Jul 20 10:17:16 UTC 2012
Package: mysql-5.5
Severity: grave
Tags: security
New MySQL security round:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
CVE-2012-1735 | MySQL Server | MySQL Protocol | Server Optimizer | No | 6.8 | Network | Low | Single | None | None | Complete | 5.5.23 and earlier
CVE-2012-0540 | MySQL Server | MySQL Protocol | GIS Extension | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1757 | MySQL Server | MySQL Protocol | InnoDB | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.23 and earlier
CVE-2012-1756 | MySQL Server | MySQL Protocol | Server | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.23 and earlier
CVE-2012-1734 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.62 and earlier, 5.5.23 and earlier
CVE-2012-1689 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.62 and earlier, 5.5.22 and earlier
The advisory is confusing, I'm not sure which upstream version fixes these
issues. I'm afraid we'll have to update to a new upstream, though.
Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
release...
Cheers,
Moritz