Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

[Emilio Pozuelo Monfort]

On 18/10/17 20:46, Salvatore Bonaccorso wrote:
> Hi lars,
> 
> On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote:
>> Hi,
>>
>> 5.5.58 packages for Debian 7 and 8 are built, and pass the test suite.
>> Attached are debdiff files for Wheezy and Jessie (source is also pushed to
>> https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git)
>> As before, we unfortunately don't have a DD in our team that can sponsor the
>> upload, so we need assistance with that.
> 
> I will look into it for jessie-security then.
> 
>> I'm not sure if the security team still handles Debian8, or if the lts team
>> does now?
> 
> Yes, Debian 8 Jessie is still yet handled by the security team.

And I will take of Debian 7 (wheezy). Thanks for preparing the update!

Cheers,
Emilio

Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

[Lars Tangvald]

On 10/19/2017 10:09 AM, Emilio Pozuelo Monfort wrote:

On 18/10/17 20:46, Salvatore Bonaccorso wrote:

Hi lars,

On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote:

Hi,

5.5.58 packages for Debian 7 and 8 are built, and pass the test suite.
Attached are debdiff files for Wheezy and Jessie (source is also pushed to
https://urldefense.proofpoint.com/v2/url?u=https-3A__anonscm.debian.org_cgit_pkg-2Dmysql_mysql-2D5.5.git=DwICaQ=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10=HPjEzLhETPj8fl9HCxxISaaV3f5tXDpGXDR3R2IELxg=00T7TUZCwXkig-wYCf-35nC5VNSQmjNOsNq0TOBoXBs=MPjTux6yCV6-5Si_VECXoTwgZxgsyNIHfNSpH1nq2ws=
 )
As before, we unfortunately don't have a DD in our team that can sponsor the
upload, so we need assistance with that.

I will look into it for jessie-security then.


I'm not sure if the security team still handles Debian8, or if the lts team
does now?

Yes, Debian 8 Jessie is still yet handled by the security team.

And I will take of Debian 7 (wheezy). Thanks for preparing the update!

Cheers,
Emilio

Thanks for the help to both of you! :)

--
Lars

Accepted graphicsmagick 1.3.16-1.1+deb7u11 (source amd64 all) into oldoldstable

[Brian May]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 16 Oct 2017 15:21:09 +1100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev 
libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl 
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat 
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1+deb7u11
Distribution: wheezy-security
Urgency: medium
Maintainer: Daniel Kobras 
Changed-By: Brian May 
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing 
ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing 
ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ 
development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development 
files
 libgraphicsmagick3 - format-independent image processing - C shared library
Changes:
 graphicsmagick (1.3.16-1.1+deb7u11) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2017-13737: Fix incorrect rounding up, resulting
 in scrambling the heap beyond the allocation.
   * Fix CVE-2017-15277: Leaves the palette uninitialized when processing a GIF
 file that has neither a global nor local palette.
Checksums-Sha1:
 e38403a754e6c72c5a60d56311c8e4b59984b891 2686 
graphicsmagick_1.3.16-1.1+deb7u11.dsc
 f2ec0392d7a7d5cbe0d5bdff2931edbacedd73e9 8736761 
graphicsmagick_1.3.16.orig.tar.gz
 2cf0d92987daa130d0bf6bd67fa005fabf218f4c 198789 
graphicsmagick_1.3.16-1.1+deb7u11.debian.tar.gz
 8db1c1e9941dfe0c203579566df726ca01a068d4 1034682 
graphicsmagick_1.3.16-1.1+deb7u11_amd64.deb
 37c58fe151af9916f18ca7295a6015addf4dc1c3 1324076 
libgraphicsmagick3_1.3.16-1.1+deb7u11_amd64.deb
 6e4e89f6fb5094877761084f62aa19862983fc05 1822954 
libgraphicsmagick1-dev_1.3.16-1.1+deb7u11_amd64.deb
 d7aef8a9c2ef57f482c908f5af983e0a6c66e82d 154776 
libgraphicsmagick++3_1.3.16-1.1+deb7u11_amd64.deb
 778357b9c3a906b994b52183db21a0790eac6dd6 410996 
libgraphicsmagick++1-dev_1.3.16-1.1+deb7u11_amd64.deb
 53966320d168dfacbaf445d84352b685561bab0e 83554 
libgraphics-magick-perl_1.3.16-1.1+deb7u11_amd64.deb
 457518bad849a4d455fc1a8bddf5201619f35fd1 3270250 
graphicsmagick-dbg_1.3.16-1.1+deb7u11_amd64.deb
 54cc089e0723987e71892d64062a7820fa2b8712 18778 
graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u11_all.deb
 953118221c1a4ef0e57676f846adbd4eb9885c8d 22334 
graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u11_all.deb
Checksums-Sha256:
 f32013c5988d3d28156d61ba99230a2aa3b1c8298695628267eb38e07ba5bdae 2686 
graphicsmagick_1.3.16-1.1+deb7u11.dsc
 ae2229370926dea6c2423cc1adaf551d33f38102677332294439365aaac1514b 8736761 
graphicsmagick_1.3.16.orig.tar.gz
 5c90d520e1aee2aeffee295ff2bc988d54de2d88825a08362d0995b1a8ded7cf 198789 
graphicsmagick_1.3.16-1.1+deb7u11.debian.tar.gz
 b3a2eeecd801abe551f5868bf4c8f2389d914e5d3139217752ce95d6ee5d396b 1034682 
graphicsmagick_1.3.16-1.1+deb7u11_amd64.deb
 882ead6f5c372406a8baf842619d2b8759795cea5f419ec95d22a3fb255e8ef4 1324076 
libgraphicsmagick3_1.3.16-1.1+deb7u11_amd64.deb
 20721f6e92182f86ff781fcbbbd94263cf82f16cc98a0d50fb8403139251f04d 1822954 
libgraphicsmagick1-dev_1.3.16-1.1+deb7u11_amd64.deb
 ac9755f23e2a118f23149b613e248d65c500fc95dd7714029bf391e2c36ade3b 154776 
libgraphicsmagick++3_1.3.16-1.1+deb7u11_amd64.deb
 6fda5fcea2ea3dd8eb8f4ee0077d886a8d068ee62b7e153c93909f31eb0bcdf5 410996 
libgraphicsmagick++1-dev_1.3.16-1.1+deb7u11_amd64.deb
 2a6287d7d6a230d11c0d1a424c74ebcb440a3926068513e0899e8a6f5ba0 83554 
libgraphics-magick-perl_1.3.16-1.1+deb7u11_amd64.deb
 7e7075af7f010a08d9c4c92b28f709f060cf0a05693a304b314d7eb4463a9d4d 3270250 
graphicsmagick-dbg_1.3.16-1.1+deb7u11_amd64.deb
 750dcaf5099a918cc4038ae09313c5a81ecef140913609f0053a8d56a687de3d 18778 
graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u11_all.deb
 948e108a36d581a212b1e36c4f8e1515abf1b317af23a1d4b612d59c1880c096 22334 
graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u11_all.deb
Files:
 9de53e09dd572da154209026534cd59e 2686 graphics optional 
graphicsmagick_1.3.16-1.1+deb7u11.dsc
 66a4b9c7af6165b5d293fed6ebe04e36 8736761 graphics optional 
graphicsmagick_1.3.16.orig.tar.gz
 1355904ccc3bd7c245804853034c66fc 198789 graphics optional 
graphicsmagick_1.3.16-1.1+deb7u11.debian.tar.gz
 b6984546b4581c64646ff189b9c2c3f4 1034682 graphics optional 
graphicsmagick_1.3.16-1.1+deb7u11_amd64.deb
 d998d588a799d50da020d2457bfef06e 1324076 libs optional 
libgraphicsmagick3_1.3.16-1.1+deb7u11_amd64.deb
 65fffd7cb6bd537e3435872b8d9e1277 1822954 libdevel optional 

[SECURITY] [DLA 1140-1] graphicsmagick security update

[Brian May]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: graphicsmagick
Version: 1.3.16-1.1+deb7u11
CVE ID : CVE-2017-13737 CVE-2017-15277


Immediately after the previous update to graphicsmagick, two more security
issues were identified. These updates are included here.

CVE-2017-13737

Incorrect rounding up resulted in scrambling the heap beyond the
allocation.

CVE-2017-15277

Left the palette uninitialized when processing a GIF
file that has neither a global nor local palette.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u11.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAlnoUN0ACgkQF4RXf4Ef
bqzi7w//T94/9/tOVGfD02s6XyQdsHkv3CK4xSUs6mfJjSRzbH1tXT1rGacVI3K2
XFmIOiDkonv2QQIgA0e4TupkAwi9auFc/TWBku2W0f0Dm9JGPvPIcpYC8LlSVR4Z
anJoYvWFwX2s56c3w54Op2prCcJ0st0tcLyYQLHspNzTVjtSfRA5k3BCkJn2c+vm
udGDyIKvrEkTRp14y/Ct4fjbED8pDDxltrftmnXS+VB0+5/xrbvbWp2jQ3b9NnI+
vBJ2HeSVQRFlWmiWUZy4Jlb8hQ84cNxfsGz8+4qy0MH51zVew9ox62mG5BqZJQz9
Izt2Cd+/MNEnIjWgFwySMk2eiHOwSvCrpH5caXS8OaX+fPKS4hj50yhpxMz4rQDO
UnDpvpSJcpuUj47SY/YRoDeIbUtk/0OvkgyAEkaXFMvV67bdX+g0L+50IHFKKgOy
dmgJUQcE6jPmlLBNS9NJdp4J0+vjF+4ZDNKyTNZwZLSYlWCHP/vwhUBph1hgTUdu
ew5JJVgBcIcXnk31GSulM0PrmMfUa2QVxDvdTyOIQ0LHcD1kuDwyxbbCFJbaSIO/
KZsVanexNpXGIA8EP7xYDf0B6kILCrTYCpi49ETNXlkEADKLZHRqdP6vByFgKT0R
hLo+ej9GwSFKzt1LfIEo2eJMaYm2AAj/IAOONX2f7D5cA4NGcP0=
=y8/A
-END PGP SIGNATURE-

[SECURITY] [DLA 1138-1] nss security update

[Roberto C . Sánchez]

Package: nss
Version: 2:3.26-1+debu7u5
CVE ID : CVE-2017-7805

Martin Thomson discovered that nss, the Mozilla Network Security Service
library, is prone to a use-after-free vulnerability in the TLS 1.2
implementation when handshake hashes are generated. A remote attacker
can take advantage of this flaw to cause an application using the nss
library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.26-1+debu7u5.

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


signature.asc
Description: Digital signature

Accepted mysql-5.5 5.5.58-0+deb7u1 (source all amd64) into oldoldstable

[Lars Tangvald]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 17 Oct 2017 10:24:21 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev 
mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 
mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.58-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian MySQL Maintainers 
Changed-By: Lars Tangvald 
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest 
versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest 
versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 878402
Changes: 
 mysql-5.5 (5.5.58-0+deb7u1) wheezy-security; urgency=high
 .
   * Imported upstream version 5.5.58 to fix security issues:
 - 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
 (Closes: #878402)
Checksums-Sha1: 
 268126f535519957479a405d842bbb5ea253350e 2971 mysql-5.5_5.5.58-0+deb7u1.dsc
 37be5e6203e4c5c1b3095d714cc9800b11df 21045852 mysql-5.5_5.5.58.orig.tar.gz
 7c04e500040f0402bf79f72c26d7e4b0ee992c55 380206 
mysql-5.5_5.5.58-0+deb7u1.debian.tar.gz
 545a04624e3b6683eda26cbeeca726c8bdbb49a5 78412 
mysql-common_5.5.58-0+deb7u1_all.deb
 9bd6d240ccad6527f0f1cac104d2e7c42dc58fb8 76634 
mysql-server_5.5.58-0+deb7u1_all.deb
 2f4aae8c6f3aaf75649f01b9143dfd722579b086 76518 
mysql-client_5.5.58-0+deb7u1_all.deb
 20aff132bbd7de733b467bc9f07cdb2598c52d5b 685190 
libmysqlclient18_5.5.58-0+deb7u1_amd64.deb
 59067bb6e837fcb357d826dae55ffef4e9e85f71 3179956 
libmysqld-pic_5.5.58-0+deb7u1_amd64.deb
 a95419ba1b4e8bd2474fb8f79649f19265849f61 3177954 
libmysqld-dev_5.5.58-0+deb7u1_amd64.deb
 3d10157e61c5f8187daa63bd5ec7891547d0e2ef 953722 
libmysqlclient-dev_5.5.58-0+deb7u1_amd64.deb
 9f31c9d032854b55b25acae3eb338e61167552ff 1774094 
mysql-client-5.5_5.5.58-0+deb7u1_amd64.deb
 510f289769efee1d7e0461bff3360dccde5331a0 3994208 
mysql-server-core-5.5_5.5.58-0+deb7u1_amd64.deb
 e9c3df50826670ca388fa5b6936cef1a6716d4cf 1961466 
mysql-server-5.5_5.5.58-0+deb7u1_amd64.deb
 6d792ada90b64378c7822aa623a229613630f774 4350324 
mysql-testsuite-5.5_5.5.58-0+deb7u1_amd64.deb
 573219339c6378071ec0819595a5b5bc1a947e27 22863342 
mysql-source-5.5_5.5.58-0+deb7u1_amd64.deb
Checksums-Sha256: 
 4ddcebf2f910a550d70ad7f9b9b3e4ff0f7a6e24e887c7f2d50c19aef94f5146 2971 
mysql-5.5_5.5.58-0+deb7u1.dsc
 9b6912faf261555c8975db24a987f63f36aaa28052a301e85538346ace0009b9 21045852 
mysql-5.5_5.5.58.orig.tar.gz
 53f2817258530052c5c8b6edd66efa846fa2cd231170c54522c8e635d7907437 380206 
mysql-5.5_5.5.58-0+deb7u1.debian.tar.gz
 98d6ea06b83cc738ad60204b46b189780191393a6deeb87985768ecb63cda5bc 78412 
mysql-common_5.5.58-0+deb7u1_all.deb
 69bced10203880b1875c51dabdd9e7b5a28767952bd48d0561d5ed25c08d8487 76634 
mysql-server_5.5.58-0+deb7u1_all.deb
 b3fb1a3e091ab798c89b3da715d33f3083652e43d94f2a433f764cf05dacfddc 76518 
mysql-client_5.5.58-0+deb7u1_all.deb
 d51776b174f4d5080de16dd2c1e5dc3b6ed997e35dbea61b11c779e8594ab4cc 685190 
libmysqlclient18_5.5.58-0+deb7u1_amd64.deb
 56a7d19eeb30bdde51300c8347b8e2d70836d3bfa31dae6c8af594404aec6a7b 3179956 
libmysqld-pic_5.5.58-0+deb7u1_amd64.deb
 c311b6b679e155f1bc406cd23d4842ed839230f6e40218f5ec853c2c9e4df420 3177954 
libmysqld-dev_5.5.58-0+deb7u1_amd64.deb
 62975349eb90cc2aa32e491fb86b8456a692c542abca913e23e89bebc97d2121 953722 
libmysqlclient-dev_5.5.58-0+deb7u1_amd64.deb
 c346c9d33e02ab686ca659f5b83cb416faf8ef83763e143b7f6f0e609582879e 1774094 
mysql-client-5.5_5.5.58-0+deb7u1_amd64.deb
 8e2c1071d8dcae6e6140192dfab4ac4a5e07247c560f525b47b96695036ce21c 3994208 
mysql-server-core-5.5_5.5.58-0+deb7u1_amd64.deb
 ef35d88e8f2b30559543f3eccbfe38575c700dfd1d2229070eceb3e1c71f22a9 1961466 
mysql-server-5.5_5.5.58-0+deb7u1_amd64.deb
 f294842353871a624ff2644eb8e9e1d5357ff96bc462ff2597c5d1803157ac37 4350324 
mysql-testsuite-5.5_5.5.58-0+deb7u1_amd64.deb
 72099f676041490203236dfc9b5d147ae4de4ffdfe9356f7c3f4620b2f08089d 22863342 
mysql-source-5.5_5.5.58-0+deb7u1_amd64.deb
Files: 
 1b8650432cf95c8759f8a1cd79792d48 2971 database optional 
mysql-5.5_5.5.58-0+deb7u1.dsc
 615d82fb528c8c91048685abaf67ed50 21045852 database optional 
mysql-5.5_5.5.58.orig.tar.gz
 9b1929b5e8d1393d9512cb6f8cbc6be2 380206 database optional 

[SECURITY] [DLA 1141-1] mysql-5.5 security update

[Emilio Pozuelo Monfort]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: mysql-5.5
Version: 5.5.58-0+deb7u1
CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
Debian Bug : 878402

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.58, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
Patch Update advisory for further details:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

For Debian 7 "Wheezy", these problems have been fixed in version
5.5.58-0+deb7u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlno69wACgkQnUbEiOQ2
gwKJMA//QPdVWVkIOXZLUf5MuQQp71mOOxxngbP8QVxYT8413BcCvKDHzjWu3Je8
djn7T5CzDElAuE8txb6TOZouDt5w85ZQR9vYdtlSOLcrKtNHtP5Xi+8WiI5GA82U
9qKWKgZXmQR8hHQ/cpkO3KHMTUx6TMK0TbEBv6GvO/bTnkvfed2FIjBlOYpq+Uey
6DuX7ng5MDQ9GnGuWxcxpSh0U/VtsnSFvb0vp05h9TksxMix49NFz2u6+5ktIem+
jwqoEHrXg/NUCkKQAgFzeSxAKf1K+PsiKQot0QGENRP1u7mHWAdgK7OBr85O3luQ
61uShxwReFKBFcm8NEUdHsL8w4wFJklZrG8odNJoYfbmV7pw0Cp7jI60PzL5d3da
blmz344lBAe2cNse2i+epq8v1g8gRL3vwMwSb4sLlol04HgcXd+0XTVmKruee+Qy
qRJfvD4E8HqbSeM/Nv0D0yUocSJGcge9/pV8P0J5Z3Q1pg+yZbWkHtSnXdJ1K24W
kQ6bjhXwd1YOe4g1VEbc69NsMHkffgYbkfGvu40/8WXEgv4ZsIp6rDkc+Pjkblv/
4nEbrqQnYUzfSNeCQbEImMUmY6Mh5FfygyXk1AYzJERGVC7rDjX6PwhaE2s9uMV+
H132WsSkHgsNT78G4WF7bpCiJLqQPLypU9BK8QveC7xgKYXH8dI=
=nw/y
-END PGP SIGNATURE-

Re: [debian-mysql] Bug#878402: Bug#878402: Security fixes from the October 2017 CPU

[Salvatore Bonaccorso]

Hi Lars,

On Thu, Oct 19, 2017 at 10:23:15AM +0200, Lars Tangvald wrote:
> 
> 
> On 10/19/2017 10:09 AM, Emilio Pozuelo Monfort wrote:
> > On 18/10/17 20:46, Salvatore Bonaccorso wrote:
> > > Hi lars,
> > > 
> > > On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote:
> > > > Hi,
> > > > 
> > > > 5.5.58 packages for Debian 7 and 8 are built, and pass the test suite.
> > > > Attached are debdiff files for Wheezy and Jessie (source is also pushed 
> > > > to
> > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__anonscm.debian.org_cgit_pkg-2Dmysql_mysql-2D5.5.git=DwICaQ=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10=HPjEzLhETPj8fl9HCxxISaaV3f5tXDpGXDR3R2IELxg=00T7TUZCwXkig-wYCf-35nC5VNSQmjNOsNq0TOBoXBs=MPjTux6yCV6-5Si_VECXoTwgZxgsyNIHfNSpH1nq2ws=
> > > >  )
> > > > As before, we unfortunately don't have a DD in our team that can 
> > > > sponsor the
> > > > upload, so we need assistance with that.
> > > I will look into it for jessie-security then.
> > > 
> > > > I'm not sure if the security team still handles Debian8, or if the lts 
> > > > team
> > > > does now?
> > > Yes, Debian 8 Jessie is still yet handled by the security team.
> > And I will take of Debian 7 (wheezy). Thanks for preparing the update!
> > 
> > Cheers,
> > Emilio
> Thanks for the help to both of you! :)

FTR, I just released DSA-4002-1 for mysql-5.5 in jessie-security.

Thanks for preparing the import.

Regards,
Salvatore