On 10/19/2016 08:21 AM, Salvatore Bonaccorso wrote:
> Hi Lars, hi Norvald,
>
> On Wed, Oct 19, 2016 at 08:03:00AM +0200, Lars Tangvald wrote:
>> The following CVEs are fixed in 5.5.53:
>> CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
>
> The listing of CVE-2016-6662 is confusing here. This should actually
> already be addressed in 5.5.52, cf.
> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
>
> Any insight on why Oracle claims it to be only fixed in 5.5.53?
>
> Regards,
> Salvatore

The CPU listing concerns all platforms, and there were some additional complexities in the CVE for other platforms. So for Linux we consider this fixed in 5.5.52, but the complete fix was in 5.5.53.
Should I remove the CVE from the Debian changelog entry?
I've got the updated packages built and tested, so should have the debdiff pretty much ready.

--
Lars
