[debian-mysql] Bug#851233: Bug#851233: Bug#851233: Security fixes from the January 2017 CPU

Salvatore Bonaccorso carnil at debian.org
Wed Jan 18 13:38:30 UTC 2017


Hi Lars,

On Wed, Jan 18, 2017 at 12:45:45PM +0100, Lars Tangvald wrote:
> Hi,
> 
> On 01/18/2017 12:39 PM, Salvatore Bonaccorso wrote:
> >Hi Lars,
> >
> >On Wed, Jan 18, 2017 at 10:33:30AM +0100, Lars Tangvald wrote:
> >>Hi,
> >>
> >>The update builds and passes testing.
> >>I've attached debdiff output for Wheezy and Jessie for this update. Aside
> >>from the changelog, the only change to packaging is a patch for a test
> >>(main.events_2) that was failing because of a hardcoded date.
> >Thanks for preparing the update.
> >
> >>diff -r mysql-5.5-5.5.53/debian/changelog ../mysql-5.5/mysql-5.5/debian/changelog
> >>0a1,14
> >>>mysql-5.5 (5.5.54-0+deb8u1) jessie-security; urgency=high
> >>>
> >>>   * Imported upstream version 5.5.54 to fix security issues:
> >>>     - http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
> >>>     - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258
> >>>     - CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313
> >>>     - CVE-2017-3317 CVE-2017-3318
> >>>     (Closes: #851233)
> >>>   * Fix failing test main.events_2
> >>>     The test was failing due to hardcoded date (2017-01-01). Added patch
> >>>     pending upstream fix.
> >>>
> >>>  -- Lars Tangvald <lars.tangvald at oracle.com>  Tue, 17 Jan 2017 13:04:58 +0100
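Review bot: the "Fix failing test main.events_2" entry says a patch was added pending an upstream fix but does not name the patch file. Naming it in the changelog would make it easy to find and drop once the hardcoded date (2017-01-01) is fixed upstream.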
> >This looks good, but see one change which seems included below:
> >
> >>5c19
> >><     - CVE-2016-7440 CVE-2016-5584
> >>---
> >>>     - CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
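Review bot: the 5c19 change rewrites a line inside an older changelog entry, turning "CVE-2016-7440 CVE-2016-5584" into "CVE-2016-6662 CVE-2016-7440 CVE-2016-5584". A new upload should only prepend its own entry, so a changed line further down suggests the working tree was not based on the changelog of the previous upload. Rebase on that changelog and check that the debdiff of debian/changelog shows only the 0a1,14 addition.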
> >Did you build not on top of the last update? Because we corrected the
> >CVE ids in the 5.5.53-0+deb8u1 upload. CVE-2016-6662 does not belong
> >there, and was already fixed in the DSA-3666-1 with mysql-5.5
> >5.5.52-0+deb8u1, cf. the resulting changelog for 5.5.53-0+deb8u1 in
> >https://bugs.debian.org/841050#62 for the DSA-3666-1 upload. I don't
> >remember exactly, but I thought I had asked someone of the mysql
> >packaging team to import the final changes to the packaging
> >repository.
> Aha, yes. I see the vcs hasn't got the 5.5.53 packages imported properly.
> I'll do the import and rebuild, thanks.

Thanks!

> >With that fixed, and built with -sa (to include the orig tarball)
> >please do upload to security-master.
> Do we have access to upload here? I think the security team have handled the
> upload in the past.

Yes, it needs to be a key in the DD keyring. Do you have a DD in the
mysql-pkg team who could sponsor the upload?

Regards,
Salvatore
