Hi Lars,

On Wed, Jan 18, 2017 at 10:33:30AM +0100, Lars Tangvald wrote:
> Hi,
>
> The update builds and passes testing.
> I've attached debdiff output for Wheezy and Jessie for this update. Aside
> from the changelog, the only change to packaging is a patch for a test
> (main.events_2) that was failing because of a hardcoded date.

Thanks for preparing the update.

> diff -r mysql-5.5-5.5.53/debian/changelog > ../mysql-5.5/mysql-5.5/debian/changelog > 0a1,14 > > mysql-5.5 (5.5.54-0+deb8u1) jessie-security; urgency=high > > > > * Imported upstream version 5.5.54 to fix security issues: > > - > > http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html > > - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 > > - CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 > > - CVE-2017-3317 CVE-2017-3318 > > (Closes: #851233) > > * Fix failing test main.events_2 > > The test was failing due to hardcoded date (2017-01-01). Added patch > > pending upstream fix. > > > > -- Lars Tangvald <lars.tangv...@oracle.com> Tue, 17 Jan 2017 13:04:58 > > +0100

This looks good, but see one change which seems included below:

> 5c19 > < - CVE-2016-7440 CVE-2016-5584 > --- > > - CVE-2016-6662 CVE-2016-7440 CVE-2016-5584

Did you not build on top of the last update? Because we corrected the CVE ids
in the 5.5.53-0+deb8u1 upload. CVE-2016-6662 does not belong there, and was
already fixed in the DSA-3666-1 with mysql-5.5 5.5.52-0+deb8u1, cf. the
resulting changelog for 5.5.53-0+deb8u1 in https://bugs.debian.org/841050#62
for the DSA-3666-1 upload.

I don't remember exactly, but I thought I had asked someone of the mysql
packaging team to import the final changes to the packaging repository.

With that fixed, and built with -sa (to include the orig tarball) please do
upload to security-master.

Thanks for your work!

Regards,
Salvatore
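
Review bot: In the 0a1,14 hunk, the "Fix failing test main.events_2" item says "Added patch pending upstream fix" but does not name the patch file. Naming the file in the changelog entry would let a later maintainer find it and drop it once upstream fixes the hardcoded date (2017-01-01).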
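
Review bot: The 5c19 hunk rewrites the CVE list of an older changelog entry, turning "- CVE-2016-7440 CVE-2016-5584" from the 5.5.53 package into "- CVE-2016-6662 CVE-2016-7440 CVE-2016-5584". A security update should leave earlier entries identical to the packaged changelog, so the debdiff for debian/changelog would show only the new 0a1,14 entry; basing the packaging on the 5.5.53 source would remove this hunk.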