Hi,
On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote:
Hi,
On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote:
So for Linux we consider this fixed in 5.5.52, but the complete fix
was in 5.5.53.
Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
addressed in 5.5.53?
No, this hasn't been changed.
If you take a look at
https://github.com/mysql/mysql-server/blob/5.5/scripts/mysqld_safe.sh
(just search for 'i386') you'll see it restricts it to intel architectures.
This is a whitelist of where the --malloc-lib option is allowed to be
set, and is restricted to the intel archs because we considered it of
little use on other architectures.
If needs to be available on other architectures we could make a patch in
the packaging to add them.
Should I remove the CVE from the Debian changelog entry?
That's not needed, we can add a comment to the Security Tracker.
Ok, thanks :)
--
Lars
Cheers,
Moritz
