Hi,
On 01/18/2017 12:39 PM, Salvatore Bonaccorso wrote:
Hi Lars,
On Wed, Jan 18, 2017 at 10:33:30AM +0100, Lars Tangvald wrote:
Hi,
The update builds and passes testing.
I've attached debdiff output for Wheezy and Jessie for this update. Aside
from the changelog, the only change to packaging is a patch for a test
(main.events_2) that was failing because of a hardcoded date.
Thanks for preparing the update.
diff -r mysql-5.5-5.5.53/debian/changelog
../mysql-5.5/mysql-5.5/debian/changelog
0a1,14
mysql-5.5 (5.5.54-0+deb8u1) jessie-security; urgency=high
* Imported upstream version 5.5.54 to fix security issues:
-
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
- CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258
- CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313
- CVE-2017-3317 CVE-2017-3318
(Closes: #851233)
* Fix failing test main.events_2
The test was failing due to hardcoded date (2017-01-01). Added patch
pending upstream fix.
-- Lars Tangvald <lars.tangv...@oracle.com> Tue, 17 Jan 2017 13:04:58 +0100
This looks good, but see one change which seem included below:
5c19
< - CVE-2016-7440 CVE-2016-5584
---
- CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
Did you build not on top of the last update? Because we corrected the
CVE ids in the 5.5.53-0+deb8u1 upload. CVE-2016-6662 does not belong
there, and was already fixed in the DSA-3666-1 with mysql-5.5
5.5.52-0+deb8u1, cf. the resulting changelog for 5.5.53-0+deb8u1 in
https://bugs.debian.org/841050#62 for the DSA-3666-1 upload . I don't
remember exactly, but I though I had asked someone of the mysql
packaging team to import the final changes to the packaging
repository.
Aha, yes. I see the vcs hasn't got the 5.5.53 packages imported
properly. I'll do the import and rebuild, thanks.
With that fixed, and build with -sa (to include the orig tarball)
please do upload to security-master.
Do we have access to upload here? I think the security team have handled
the upload in the past.
--
Lars
Thanks for your work!
Regards,
Salvatore