[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU

Lars Tangvald lars.tangvald at oracle.com
Wed Oct 19 08:38:22 UTC 2016


On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote:
> Hi,
> On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote:
>> So for Linux we consider this fixed in 5.5.52, but the complete fix
>> was in 5.5.53.
> Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
> addressed in 5.5.53?
No, this hasn't been changed.
If you take a look at 
(just search for 'i386') you'll see it restricts it to intel architectures.
This is a whitelist of where the --malloc-lib option is allowed to be 
set, and is restricted to the intel archs because we considered it of 
little use on other architectures.
If needs to be available on other architectures we could make a patch in 
the packaging to add them.

>> Should I remove the CVE from the Debian changelog entry?
> That's not needed, we can add a comment to the Security Tracker.
Ok, thanks :)

> Cheers,
>          Moritz

More information about the pkg-mysql-maint mailing list