[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU

Salvatore Bonaccorso carnil at debian.org
Wed Oct 19 06:21:03 UTC 2016


Hi Lars, hi Norvald,

On Wed, Oct 19, 2016 at 08:03:00AM +0200, Lars Tangvald wrote:
> The following CVEs are fixed in 5.5.53:
> CVE-2016-6662 CVE-2016-7440 CVE-2016-5584

The listing of CVE-2016-6662 is confusing here. This should actually
already be addressed in 5.5.52, cf.
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Any insight on why Oracle claims it to be only fixed in 5.5.53?

Regards,
Salvatore



More information about the pkg-mysql-maint mailing list