[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU

Lars Tangvald lars.tangvald at oracle.com
Wed Oct 19 06:46:06 UTC 2016


This might be an error in the CPU announcement (they sometimes get 
corrections after the initial announcement). I'll try to track down 
someone who's worked on this fix and ask.


On 10/19/2016 08:21 AM, Salvatore Bonaccorso wrote:
> Hi Lars, hi Norvald,
> On Wed, Oct 19, 2016 at 08:03:00AM +0200, Lars Tangvald wrote:
>> The following CVEs are fixed in 5.5.53:
>> CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
> The listing of CVE-2016-6662 is confusing here. This should actually
> already be addressed in 5.5.52, cf.
> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
> Any insight on why Oracle claims it to be only fixed in 5.5.53?
> Regards,
> Salvatore

More information about the pkg-mysql-maint mailing list