Your message dated Thu, 22 Jan 2026 00:53:59 +0000
with message-id <[email protected]>
and subject line Bug#1126115: fixed in mysql-8.0 8.0.45-1
has caused the Debian Bug report #1126115,
regarding mysql-8.0: CVE-2026-21968 CVE-2026-21964 CVE-2026-21948
CVE-2026-21941 CVE-2026-21937 CVE-2026-21936
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126115
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mysql-8.0
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2026-21968[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21964[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that are
| affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21948[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21941[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21937[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DDL). Supported versions that are affected are
| 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-21936[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-21968
https://www.cve.org/CVERecord?id=CVE-2026-21968
[1] https://security-tracker.debian.org/tracker/CVE-2026-21964
https://www.cve.org/CVERecord?id=CVE-2026-21964
[2] https://security-tracker.debian.org/tracker/CVE-2026-21948
https://www.cve.org/CVERecord?id=CVE-2026-21948
[3] https://security-tracker.debian.org/tracker/CVE-2026-21941
https://www.cve.org/CVERecord?id=CVE-2026-21941
[4] https://security-tracker.debian.org/tracker/CVE-2026-21937
https://www.cve.org/CVERecord?id=CVE-2026-21937
[5] https://security-tracker.debian.org/tracker/CVE-2026-21936
https://www.cve.org/CVERecord?id=CVE-2026-21936
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: mysql-8.0
Source-Version: 8.0.45-1
Done: Lena Voytek <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lena Voytek <[email protected]> (supplier of updated mysql-8.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Jan 2026 18:24:04 -0500
Source: mysql-8.0
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.45-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Lena Voytek <[email protected]>
Closes: 1126115
Changes:
mysql-8.0 (8.0.45-1) unstable; urgency=medium
.
* Import upstream version 8.0.45 to fix security issues
- https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL
- CVE-2026-21936 CVE-2026-21937 CVE-2026-21941 CVE-2026-21948
CVE-2026-21964 CVE-2026-21968
Upstream release notes:
- https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-45.html
(Closes: #1126115)
* d/control: Update standards version and remove Priority: optional
* d/mysql-server-8.0.postinst: Update postinst to ignore lost+found directory
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---