Bug#712730: forwarded

forwarded 712730 http://bugs.mysql.com/bug.php?id=69374 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#687484: [debian-mysql] Bug#687484: Status of CVE-2012-4414: SQL injection

? If not could you please give reasoning, thank you. This issue was fixed as CVE-2013-0375 in MySQL 5.1.67 and 5.5.29 [1]. CVE-2013-0375 and CVE-2012-4414 are equivalent. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL

Bug#811443: mysql-5.6: Multiple security fixes from the January 2016 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

5.5.47. The CVE numbers will be available when the CPU is released. All necessary work to upgrade to 5.5.47 has already been done in git. Someone just needs to tag it and upload. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Bug#811428: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU

CVE-2016-0609 CVE-2016-0596 CVE-2016-0616 Regards, Norvald H. Ryeng

Bug#811443: [debian-mysql] Bug#811443: mysql-5.6: Multiple security fixes from the January 2016 CPU

CVE-2016-0609 CVE-2016-0596 CVE-2016-0503 CVE-2016-0504 CVE-2016-0607 CVE-2016-0611 CVE-2016-0595 CVE-2016-0610 Regards, Norvald H. Ryeng

Bug#821100: Security fixes from the April 2016 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Bug#821094: [debian-mysql] Bug#821094: Security fixes from the April 2016 CPU

Vulnerabilities fixed by upgrading from 5.6.28 to 5.6.30: CVE-2015-3194 CVE-2016-0639 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0661 CVE-2016-0665 CVE-2016-0666 CVE-2016-0668

Bug#821100: [debian-mysql] Bug#821100: Security fixes from the April 2016 CPU

Vulnerabilities fixed by upgrading from 5.5.47 to 5.5.49: CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047

Bug#821094: Security fixes from the April 2016 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Bug#841163: Security fixes from the October 2016 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Bug#841050: Security fixes from the October 2016 CPU

5.5.53. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Bug#841049: Security fixes from the October 2016 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Bug#844275: [debian-mysql] Bug#844275: mysql_config injects build flags which breaks the build for other packages

mysql_config and mysqlclient.pc pick up compile flags from the build environment. We have a fix for this upstream, and I've backported it to 5.7.16 (see attachment). I haven't tested it with sbuild/dpkg, so when applying this, please verify that mysql_config and mysqlclient.pc don't pick up any

Bug#851233: Security fixes from the January 2017 CPU

5.5.54. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Bug#851234: Security fixes from the January 2017 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Bug#851235: Security fixes from the January 2017 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Bug#860544: Security fixes from the April 2017 CPU

. The CVE numbers will be available when the CPU is released. Please note that the MySQL release cycle has changed from every two months to every three months. The releases are now synchronized with the CPU announcements. Best regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork

Bug#860547: Security fixes from the April 2017 CPU

. The CVE numbers will be available when the CPU is released. Please note that the MySQL release cycle has changed from every two months to every three months. The releases are now synchronized with the CPU announcements. Best regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security

Bug#860544: [debian-mysql] Bug#860544: Security fixes from the April 2017 CPU

en fixed in 5.5.55. Best regards, Norvald H. Ryeng

Bug#868788: [debian-mysql] Security fixes from the July 2017 CPU

ooks like there aren't any DDs around. Could you help us out with this upload, please? Best regards, Norvald H. Ryeng

Bug#878398: Security fixes from the October 2017 CPU

. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Bug#878402: Security fixes from the October 2017 CPU

5.5.58. The CVE numbers will be available when the CPU is released. Regards, Norvald H. Ryeng [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html