Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

2016-01-25 Thread Salvatore Bonaccorso 
Hi Lars,

On Fri, Jan 22, 2016 at 08:25:30AM -0800, Lars Tangvald wrote:
> Hi Salvatore,
> 
> I'll get the wheezy-security package built and tested and send an update as 
> soon as it's done.

Great thanks!

In meanwhile could you please send the resulting debdiff for the
jessie-security upload to us, for a short review? If it is then fine
we can already have the jessie-security package uploaded to
security-master and let the buildd daemons pick the work.

Regards,
Salvatore

Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

2016-01-25 Thread Lars Tangvald 

Hi,

I'll get it sent over shortly.

--
Lars

On 01/25/2016 08:57 AM, Salvatore Bonaccorso wrote:

Hi Lars,

On Fri, Jan 22, 2016 at 08:25:30AM -0800, Lars Tangvald wrote:

Hi Salvatore,

I'll get the wheezy-security package built and tested and send an update as 
soon as it's done.

Great thanks!

In meanwhile could you please send the resulting debdiff for the
jessie-security upload to us, for a short review? If it is then fine
we can already have the jessie-security package uploaded to
security-master and let the buildd daemons pick the work.

Regards,
Salvatore

Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

2016-01-22 Thread Lars Tangvald 
Hi Salvatore,

I'll get the wheezy-security package built and tested and send an update as 
soon as it's done.

regards,
Lars Tangvald

- Original Message -
From: car...@debian.org
To: robie.ba...@ubuntu.com
Cc: 811...@bugs.debian.org, t...@security.debian.org
Sent: Thursday, January 21, 2016 8:15:30 PM GMT +01:00 Amsterdam / Berlin / 
Bern / Rome / Stockholm / Vienna
Subject: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the 
January 2016 CPU

Hi Robie,

On Thu, Jan 21, 2016 at 09:46:13AM +, Robie Basak wrote:
> Dear Security Team,
> 
> You have asked us to be prompt with helping to prepare security updates
> for you, and we have done so. We have kept the bug updated like you
> asked us last time. The sources are tested and ready. We notified the
> bug as requested, but haven't heard from you. Please let us know how you
> want to coordinate uploading this.

Thanks for preparing an update.

We usually would see a debdiff from the resulting built package (in
case of a new upstream import this can get big, so some autogenerated
files can be filtered out).

We have collected important information for us in advisory preparation
in https://wiki.debian.org/DebianSecurity/AdvisoryCreation especially
relevant from the developers point of view preparing the update
https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecurityDev .

The changelog itself looks good to me from a quick skim trough. It
addresses all the information we would like to have seen there (CVE
references, bug fixed, reference to Oracle CPU). Thank you.

Important question first: What is the status for the wheezy-security
package for those issues?

Plase make sure for the following: Once you have both, built the
jessie-security one with -sa to include the original orig.tar.gz and
the wheezy-security one explicitly without -sa to not include the orig
source tarball.

Then we need a bit of coordination for the upload order, since
mysql-5.5 is a special case with same source orig.tar.gz for both
wheezy and jessie. Someone of your team with GPG key in the DD keyring
might then upload first the jessie-security one to security-master,
and after it gets accepted there, upload the wheezy-security one.

Regards,
Salvatore

___
pkg-mysql-maint mailing list
pkg-mysql-ma...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint

Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

2016-01-19 Thread Lars Tangvald 
The updated changelog containing the CPU information can be found at 
https://github.com/ltangvald/mysql-5.5
The final commit is the only change from 
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git

--
Lars Tangvald

Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

2016-01-19 Thread Norvald H. Ryeng 
The Critical Patch Update is out:  
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 to  
5.5.47:


CVE-2016-0505
CVE-2016-0546
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0596
CVE-2016-0616

Regards,

Norvald H. Ryeng