[debian-mysql] Bug#687485: mysql-5.5: CVE-2012-4414
Nicholas Bamber
nicholas at periapt.co.uk
Fri Sep 21 11:32:48 UTC 2012
On 20/09/12 22:33, Moritz Muehlenhoff wrote:
> On Wed, Sep 19, 2012 at 07:07:23PM +0100, Nicholas Bamber wrote:
>> I am looking at this bug. However the patch involves 45 files. 17 of
>> these are test files. From what I have seen so far they do not apply
>> cleanly. Presumably they are meant for 5.5.27 rather than 5.5.24. I have
>> yet to form a judgement on quite how intractable adapting the patch is
>> going to be.
>
> Due to the intransparent nature of mysql security updates we will need to
> follow the 5.5.x releases for stable-security anyway. As such I don't see
> a reason not to upload 5.5.27 during the freeze as well.
>
> Cheers,
> Moritz
Dear Release Team,
Are you okay with the following plan?
1.) I check that the maraiadb_patch.diff really does apply cleanly
against 5.5.27.
2.) I upload 5.5.24+dfsg-9 with the other pending fixes. (*diff.txt
attached).
3.) I then upload 5.5.27+dfsg-1 including the mariadb_patch,diff - or if
oracle have by then released 5.5.28, 5.5.28+dfsg.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mariadb_patch.diff
Type: text/x-diff
Size: 117987 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120921/5028b788/attachment-0001.diff>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 684566-debdiff.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120921/5028b788/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 686803-debdiff.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120921/5028b788/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: zlib-diff.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20120921/5028b788/attachment-0005.txt>
More information about the pkg-mysql-maint
mailing list