[debian-mysql] Bug#841050: Bug#841050: Security fixes from the October 2016 CPU

Salvatore Bonaccorso carnil at debian.org
Thu Oct 27 16:54:17 UTC 2016


Hi Lars,

On Wed, Oct 19, 2016 at 10:38:22AM +0200, Lars Tangvald wrote:
> Hi,
> 
> On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote:
> > Hi,
> > 
> > On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote:
> > > So for Linux we consider this fixed in 5.5.52, but the complete fix
> > > was in 5.5.53.
> > Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
> > addressed in 5.5.53?
> No, this hasn't been changed.
> If you take a look at
> https://github.com/mysql/mysql-server/blob/5.5/scripts/mysqld_safe.sh (just
> search for 'i386') you'll see it restricts it to intel architectures.
> This is a whitelist of where the --malloc-lib option is allowed to be set,
> and is restricted to the intel archs because we considered it of little use
> on other architectures.
> If it needs to be available on other architectures we could make a patch in the
> packaging to add them.
> 
> > > Should I remove the CVE from the Debian changelog entry?
> > That's not needed, we can add a comment to the Security Tracker.
> Ok, thanks :)

What is the status for src:mysql-5.5 for a possible jessie-security
upload? (Btw, if-and-only-if the package is still needed due to
rebuild, then let's please fix the changelog entry as well.)

Regards,
Salvatore


