[debian-mysql] Bug#698068: MySQL 5.5.30 does not fix CVE-2012-4414, what to do next?

Kristian Nielsen knielsen at knielsen-hq.org
Sat Mar 9 14:55:12 UTC 2013


Hi Clint,

> I have just now committed MariaDB's test for CVE-2012-4414 to the SVN
> repo where we maintain mysql-5.5 unstable packaging. The package fails
> to build right now because this test fails.

> 2) Somebody step up and give us a patch for 5.5.30 which fixes
> CVE-2012-4414.  There's probably a commit in Percona's tree somewhere
> that can solve the issue with perhaps some fuzz to resolve.

Do you want me to do such a patch?

(It was I who fixed the bug in MariaDB).

I should be able to prepare a patch quickly, but I only want to spend the time
if it can be used by Debian.

Do I understand correctly that you need a patch against upstream MySQL 5.5.29?

My idea would be to take basically the patch from MySQL 5.5.30 and backport it
to MySQL 5.5.29, adding any missing bits from the MariaDB patch. So that
maintenance is easier if/when a later MySQL version must be dropped into
Debian. Does that sound ok?

 - Kristian.


