[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU
Lars Tangvald
lars.tangvald at oracle.com
Wed Oct 19 07:10:59 UTC 2016
On 10/19/2016 08:21 AM, Salvatore Bonaccorso wrote:
> Hi Lars, hi Norvald,
>
> On Wed, Oct 19, 2016 at 08:03:00AM +0200, Lars Tangvald wrote:
>> The following CVEs are fixed in 5.5.53:
>> CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
> The listing of CVE-2016-6662 is confusing here. This should actually
> already be addressed in 5.5.52, cf.
> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
>
> Any insight on why Oracle claims it to be only fixed in 5.5.53?
>
> Regards,
> Salvatore
The CPU listing concerns all platforms, and there were some additional
complexities in the CVE for other platforms.
So for Linux we consider this fixed in 5.5.52, but the complete fix was
in 5.5.53.
Should I remove the CVE from the Debian changelog entry?
I've got the updated packages built and tested, so should have the
debdiff pretty much ready.
--
Lars