[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU
Lars Tangvald
lars.tangvald at oracle.com
Wed Oct 19 08:38:22 UTC 2016
Hi,
On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote:
> Hi,
>
> On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote:
>> So for Linux we consider this fixed in 5.5.52, but the complete fix
>> was in 5.5.53.
> Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
> addressed in 5.5.53?
No, this hasn't been changed.
If you take a look at
https://github.com/mysql/mysql-server/blob/5.5/scripts/mysqld_safe.sh
(just search for 'i386') you'll see it restricts it to intel architectures.
This is a whitelist of where the --malloc-lib option is allowed to be
set, and is restricted to the intel archs because we considered it of
little use on other architectures.
If needs to be available on other architectures we could make a patch in
the packaging to add them.
>> Should I remove the CVE from the Debian changelog entry?
> That's not needed, we can add a comment to the Security Tracker.
Ok, thanks :)
--
Lars
> Cheers,
> Moritz
More information about the pkg-mysql-maint
mailing list