[debian-mysql] Bug#851233: Bug#851233: Bug#851233: Security fixes from the January 2017 CPU

Lars Tangvald lars.tangvald at oracle.com
Wed Jan 18 11:45:45 UTC 2017 

Hi,

On 01/18/2017 12:39 PM, Salvatore Bonaccorso wrote:
> Hi Lars,
>
> On Wed, Jan 18, 2017 at 10:33:30AM +0100, Lars Tangvald wrote:
>> Hi,
>>
>> The update builds and passes testing.
>> I've attached debdiff output for Wheezy and Jessie for this update. Aside
>> from the changelog, the only change to packaging is a patch for a test
>> (main.events_2) that was failing because of a hardcoded date.
> Thanks for preparing the update.
>
>> diff -r mysql-5.5-5.5.53/debian/changelog ../mysql-5.5/mysql-5.5/debian/changelog
>> 0a1,14
>>> mysql-5.5 (5.5.54-0+deb8u1) jessie-security; urgency=high
>>>
>>>    * Imported upstream version 5.5.54 to fix security issues:
>>>      - http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
>>>      - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258
>>>      - CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313
>>>      - CVE-2017-3317 CVE-2017-3318
>>>      (Closes: #851233)
>>>    * Fix failing test main.events_2
>>>      The test was failing due to hardcoded date (2017-01-01). Added patch
>>>      pending upstream fix.
>>>
>>>   -- Lars Tangvald <lars.tangvald at oracle.com>  Tue, 17 Jan 2017 13:04:58 +0100
> This looks good, but see one change which seem included below:
>
>> 5c19
>> <     - CVE-2016-7440 CVE-2016-5584
>> ---
>>>      - CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
> Did you build not on top of the last update? Because we corrected the
> CVE ids in the 5.5.53-0+deb8u1 upload. CVE-2016-6662 does not belong
> there, and was already fixed in the DSA-3666-1 with mysql-5.5
> 5.5.52-0+deb8u1, cf. the resulting changelog for 5.5.53-0+deb8u1 in
> https://bugs.debian.org/841050#62 for the DSA-3666-1 upload . I don't
> remember exactly, but I though I had asked someone of the mysql
> packaging team to import the final changes to the packaging
> repository.
Aha, yes. I see the vcs hasn't got the 5.5.53 packages imported 
properly. I'll do the import and rebuild, thanks.
> With that fixed, and build with -sa (to include the orig tarball)
> please do upload to security-master.
Do we have access to upload here? I think the security team have handled 
the upload in the past.

--
Lars
> Thanks for your work!
>
> Regards,
> Salvatore

More information about the pkg-mysql-maint mailing list