Hi,
Thanks for the report. We'll look into it.
This might be the same issue as https://bugs.mysql.com/bug.php?id=79185.
--
Lars
On 11/06/2015 10:24 AM, Eriksson, Ulric wrote:
Package: mysql-server-core-5.5
Version: 5.5.44-0+deb7u1
Severity: important
Dear Maintainer,
Last week, we upgraded
Hi,
I'll work on making sure this is added for the 5.7 packaging.
--
Lars
- Original Message -
From: robie.ba...@ubuntu.com
To: 812...@bugs.debian.org
Sent: Thursday, January 28, 2016 11:51:13 AM GMT +01:00 Amsterdam / Berlin /
Bern / Rome / Stockholm / Vienna
Subject: [debian-mysql]
In MySQL 5.7 the libmysqld-pic package is no longer included and all
dependencies on it should be changed to libmysqld-dev.
The build-dependency on mysql-server-core-5.6 | mysql-server-core also doesn't
work as intended, as the mysql-server-core package was removed in 5.6. It
should probably
The updated changelog containing the CPU information can be found at
https://github.com/ltangvald/mysql-5.5
The final commit is the only change from
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git
--
Lars Tangvald
Hi Salvatore,
I'll get the wheezy-security package built and tested and send an update as
soon as it's done.
regards,
Lars Tangvald
- Original Message -
From: car...@debian.org
To: robie.ba...@ubuntu.com
Cc: 811...@bugs.debian.org, t...@security.debian.org
Sent: Thursday, January 21
The git tree is missing a copyright update made by the security team,
which will need to be merged.
--
Lars Tangvald
On 01/19/2016 10:02 PM, Norvald H. Ryeng wrote:
The Critical Patch Update is out:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
The following
Hi,
I'll get it sent over shortly.
--
Lars
On 01/25/2016 08:57 AM, Salvatore Bonaccorso wrote:
Hi Lars,
On Fri, Jan 22, 2016 at 08:25:30AM -0800, Lars Tangvald wrote:
Hi Salvatore,
I'll get the wheezy-security package built and tested and send an update as
soon as it's done.
Great thanks
tree.
Once it's merged into Alioth we'll need someone to take over for tag and
upload.
--
Lars Tangvald
http://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/ is updated.
I'll send a notice to the security team. They may want us to do the
upload, in which case we'll need someone who has the permissions to do so :)
--
Lars Tangvald
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
The package has been eol'ed by upstream.
It never made it past the alpha stage, and there will be no further
releases.
-- System Information:
Debian Release: stretch/sid
APT prefers
Hi,
- car...@debian.org wrote:
> Hi Lars,
>
> On Wed, Apr 20, 2016 at 08:20:56AM +0200, Salvatore Bonaccorso wrote:
> > Hi Lars,
> >
> > On Tue, Apr 19, 2016 at 12:27:51PM -0700, Lars Tangvald wrote:
> > > We've prepared MySQL 5.5.49 packages for Debia
- jida...@jidanni.org wrote:
> So I have to enable it, but don't need to run it, before each
> upgrade.
> Not very logical.
>
Yeah, I'm working on fixing the maintainer script to not rely on the service
being enabled to work (and maybe give a nicer error than "exit code 1" if
there's a
- j...@debian.org wrote:
> On Mon, Jan 30, 2017 at 06:38:16PM +, Robie Basak wrote:
> > > So how about this, just a sketch at the moment rather than a full
> > > patch?
> >
> > Your sketch seems good to me, assuming that "dpkg-query --search"
> is
> > permitted from maintainer scripts
On 01/30/2017 10:28 AM, Robie Basak wrote:
Hi Julian,
Thank you for reporting this.
On Mon, Jan 30, 2017 at 09:24:46AM +0100, Lars Tangvald wrote:
Anyone else have any good ideas on how to handle this?
I think the root cause here is that both MySQL and MariaDB packaging
"own"
Package: ftp.debian.org
Severity: normal
The package is replaced by mysql-5.7 (dependencies moved to mysql-defaults)
On 01/29/2017 01:13 PM, Julian Gilbey wrote:
On Sat, Jan 28, 2017 at 09:21:13PM +, Julian Gilbey wrote:
Package: mysql-server-5.7
Version: 5.7.16-2
Severity: serious
Hello!
I'm really confused by the change in the postrm introduced in response
to LP: #1602945, and I simply do not
On 02/21/2017 01:59 PM, Julian Gilbey wrote:
On Tue, Feb 21, 2017 at 01:27:44PM +0100, Lars Tangvald wrote:
I've looked at it some more, and I'm hesitant about including such a big
patch for a pretty rare scenario, which in the worst case does ask the
following:
The /var/lib/mysql directory
CVE List for 5.6:
CVE-2016-8318
CVE-2016-8327
CVE-2017-3238
CVE-2017-3244
CVE-2017-3257
CVE-2017-3258
CVE-2017-3265
CVE-2017-3273
CVE-2017-3291
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
--
Lars
On 01/17/2017 09:48 PM, Lars Tangvald wrote:
I've built and tested the update
CVE List for 5.7:
CVE-2016-8318
CVE-2016-8327
CVE-2017-3238
CVE-2017-3244
CVE-2017-3251
CVE-2017-3256
CVE-2017-3257
CVE-2017-3258
CVE-2017-3265
CVE-2017-3273
CVE-2017-3291
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
CVE-2017-3319
CVE-2017-3320
--
Lars
On 01/17/2017 09:48 PM, Lars
CVE List for 5.5:
CVE-2017-3238
CVE-2017-3243
CVE-2017-3244
CVE-2017-3258
CVE-2017-3265
CVE-2017-3291
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
--
Lars
On 01/13/2017 09:19 AM, Norvald H. Ryeng wrote:
Source: mysql-5.5
Version: 5.5.53-0+deb8u1
Severity: grave
Tags: security
Hi,
On 01/18/2017 12:39 PM, Salvatore Bonaccorso wrote:
Hi Lars,
On Wed, Jan 18, 2017 at 10:33:30AM +0100, Lars Tangvald wrote:
Hi,
The update builds and passes testing.
I've attached debdiff output for Wheezy and Jessie for this update. Aside
from the changelog, the only change to packaging
I've built and tested the update, and will pass debdiffs on to the security
team once the CVE list is available.
--
Lars
- norvald.ry...@oracle.com wrote:
> Source: mysql-5.6
> Version: 5.6.34-1
> Severity: grave
> Tags: security upstream fixed-upstream
>
> The Oracle Critical Patch Update
I've built and tested the updates, and will pass debdiffs on to the security
team once the CVE list is available.
--
Lars
- norvald.ry...@oracle.com wrote:
> Source: mysql-5.7
> Version: 5.7.16-2
> Severity: grave
> Tags: security upstream fixed-upstream
>
> The Oracle Critical Patch
I've built and tested the updates, and will pass debdiffs on to the security
team once the CVE list is available.
--
Lars
- norvald.ry...@oracle.com wrote:
> Source: mysql-5.5
> Version: 5.5.53-0+deb8u1
> Severity: grave
> Tags: security upstream fixed-upstream
>
> The Oracle Critical
- car...@debian.org wrote:
> Hi Lars,
>
> On Wed, Jan 18, 2017 at 06:41:40AM -0800, Lars Tangvald wrote:
> >
> > - car...@debian.org wrote:
> >
> >
> > > > >With that fixed, and build with -sa (to include the orig
> tarball)
> >
- car...@debian.org wrote:
> > >With that fixed, and build with -sa (to include the orig tarball)
> > >please do upload to security-master.
> > Do we have access to upload here? I think the security team have
> handled the
> > upload in the past.
>
> yes it nees to be a key in the DD
Thanks, Bjoern. Did you run the dep8 test suite as well (I just started
a full test run now, so no big deal either way)?
--
Lars
On 09/15/2016 12:54 PM, Bjoern Boschman wrote:
Hi,
I've updated the git repo after I did a successful build on jessie.
Someone with upload rights just needs to
build-stamp fails, but there's no error message that I can see
...
[ 6%] Building CXX object
extra/yassl/taocrypt/CMakeFiles/taocrypt.dir/src/dh.cpp.o
cd /«PKGBUILDDIR»/builddir-pic/extra/yassl/taocrypt &&
/usr/bin/arm-linux-gnueabihf-g++ -DHAVE_CONFIG_H -D_FORTIFY_SOURCE=2
-O3
Yeah, we'll look into it some more.
I've seen the sort of sudden exits without errors before if a host runs out of
memory, but the requirements for building 5.5 are low and shouldn't have
changed significantly.
--
Lars
- car...@debian.org wrote:
> Control: severity -1 important
>
> Hi
Do you know how the build is set up? Parallelization, etc.
The hosts look the same, to me, so seems likely the build is simply
unstable.
--
Lars
On 09/18/2016 12:03 PM, Lars Tangvald wrote:
Yeah, we'll look into it some more.
I've seen the sort of sudden exits without errors before
Send the below to the incorrect address (it's largely rendered moot by the
discussion about the kubuntu patch, but including it anyway):
The change in the MySQL default was made because the old default (unrestricted)
was considered a potential security risk.
However, we also backported
Forgot to add in the bug.
On 11/09/2016 10:01 AM, Lars Tangvald wrote:
On 11/09/2016 08:59 AM, Lucas Nussbaum wrote:
On 09/11/16 at 08:17 +0100, Lars Tangvald wrote:
On 11/07/2016 03:43 PM, Lucas Nussbaum wrote:
Hi,
I don't think it's random: the rebuild is automatically retried
when
On 11/09/2016 10:11 AM, Lars Tangvald wrote:
Forgot to add in the bug.
On 11/09/2016 10:01 AM, Lars Tangvald wrote:
On 11/09/2016 08:59 AM, Lucas Nussbaum wrote:
On 09/11/16 at 08:17 +0100, Lars Tangvald wrote:
On 11/07/2016 03:43 PM, Lucas Nussbaum wrote:
Hi,
I don't think it's
- lu...@debian.org wrote:
>
> Hi,
>
> I don't think that my test is run as root. So it might be something
> else...
>
> Lucas
The error message is access denied for 'root'@'localhost', but the test itself
tries to log in as the current system user (it's supposed to be blank, but
On 11/08/2016 10:53 PM, Dominic Hargreaves wrote:
Hi Lars,
Now uploaded.
Cheers,
Dominic.
Great, thanks!
--
Lars
Hi all,
We prepared a security upload for the Oracle October 2016 CPU, but we need
someone with access to sponsor the upload to Debian unstable. Is anyone
available to do this?
The source should be ready to go from
https://anonscm.debian.org/cgit/pkg-mysql/mysql.git
--
Lars
Hi,
I can't reproduce this failure, with 5.7.15 or the 5.7.16 we've prepared
for #841163
I think maybe this is an unstable test, in which case we can disable it
until it's resolved upstream.
Could you retry the build and see if it happens again?
--
Lars
Hi,
It's probably something with your setup the upgrade logic can't handle
correctly.
In 5.5.53, MySQL changes the inbuilt secure-file-priv (determined where
the server can read/write data for import/export operations) default
setting from blank, meaning the server has read/write access
Hi, thanks for the report.
We're aware of the general issue (installation fails if service is disabled).
It's also tracked here:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1592669
The most likely solution for this is:
If service is disabled but server isn't running: Start it in a
- fsate...@debian.org wrote:
> On 19 October 2016 at 14:08, Lars Tangvald <lars.tangv...@oracle.com>
> wrote:
> >
> > - fsate...@debian.org wrote:
> >
> >> Package: mysql-server-5.7
> >> Version: 5.7.15-1
> >> Severity: impor
:03:00AM +0200, Lars Tangvald wrote:
The following CVEs are fixed in 5.5.53:
CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
The listing of CVE-2016-6662 is confusing here. This should actually
already be addressed in 5.5.52, cf.
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution
Hi,
On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote:
Hi,
On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote:
So for Linux we consider this fixed in 5.5.52, but the complete fix
was in 5.5.53.
Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
addressed in 5.5.53
The following CVEs are fixed by 5.7.16:
CVE-2016-5584 CVE-2016-6304 CVE-2016-6662 CVE-2016-7440
--
Lars
On 10/18/2016 10:24 AM, Norvald H. Ryeng wrote:
Source: mysql-5.7
Version: 5.7.15-1
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for October 2016
The following CVEs are noted as fixed since 5.6.30:
CVE-2016-3492 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609
CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626
CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304
CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284
--
Lars
On
The following CVEs are fixed in 5.5.53:
CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:
Source: mysql-5.5
Version: 5.5.52-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for October 2016 will be released
On 10/19/2016 08:21 AM, Salvatore Bonaccorso wrote:
Hi Lars, hi Norvald,
On Wed, Oct 19, 2016 at 08:03:00AM +0200, Lars Tangvald wrote:
The following CVEs are fixed in 5.5.53:
CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
The listing of CVE-2016-6662 is confusing here. This should actually
On 10/15/2016 06:10 PM, Clint Byrum wrote:
Excerpts from Olaf van der Spek's message of 2016-10-15 17:59:36 +0200:
Package: mysql-server
Version: 5.5.52-0+deb8u1
Severity: wishlist
Dear Maintainer,
What's the plan for MySQL 5.7? AFAIK it was released in April, will it be
included in
MySQL 5.7 is available in unstable now :)
--
Lars
- robie.ba...@ubuntu.com wrote:
> Hi Craig,
>
> On Tue, Oct 25, 2016 at 08:01:26PM +1100, Craig Sanders wrote:
> > it's somewhat surprising that a package called default-mysql-client
> should
> > force the removal of both mysql-client and mysql-server packages.
>
> Please could you explain
- fsate...@debian.org wrote:
> Package: mysql-server-5.7
> Version: 5.7.15-1
> Severity: important
>
>
> Switching from mariadb to mysql fails with the following error
> message:
>
> Aborting downgrade from (at least) 10.0 to 5.7.
> If are sure you want to downgrade to 5.7, remove the
- lu...@debian.org wrote:
> On 14/11/16 at 02:47 -0800, Lars Tangvald wrote:
> >
> > - lu...@debian.org wrote:
> >
> > > On 13/11/16 at 22:59 -0800, Lars Tangvald wrote:
> > > >
> > > > - lu...@debian.org wrote:
>
- lu...@debian.org wrote:
> On 13/11/16 at 22:59 -0800, Lars Tangvald wrote:
> >
> > - lu...@debian.org wrote:
> >
> > > > Do you have the logs from the last run?
> > > > While we could disable the test that's failing, it would be
>
On 11/23/2016 11:10 AM, Norvald H. Ryeng wrote:
mysql_config and mysqlclient.pc pick up compile flags from the build
environment. We have a fix for this upstream, and I've backported it to
5.7.16 (see attachment).
I haven't tested it with sbuild/dpkg, so when applying this, please
verify that
On 11/18/2016 08:00 AM, Lars Tangvald wrote:
Hi,
On 11/17/2016 06:02 PM, Jean Louis wrote:
I am sorry, that I filed bug in the wrong package, it was
unintentional mistake. It should be in mysql-server. And I know all
about specifics.
In my case, there is nothing that I have changed in my
Hi,
On 11/17/2016 06:02 PM, Jean Louis wrote:
I am sorry, that I filed bug in the wrong package, it was
unintentional mistake. It should be in mysql-server. And I know all
about specifics.
In my case, there is nothing that I have changed in my Mysql
configuration from the plain install. That
- lu...@debian.org wrote:
> > Do you have the logs from the last run?
> > While we could disable the test that's failing, it would be
> counterproductive since we can't reproduce the issue in any of our
> normal build environments.
>
> This is the log without your patch applied
>
> Lucas
Forgot the bug
--
Lars--- Begin Message ---
- lu...@debian.org wrote:
> On 09/11/16 at 07:27 -0800, Lars Tangvald wrote:
> >
> > - lu...@debian.org wrote:
> >
> > >
> > > Hi,
> > >
> > > I don't think that my t
- lu...@debian.org wrote:
> > Do you have the logs from the last run?
> > While we could disable the test that's failing, it would be
> counterproductive since we can't reproduce the issue in any of our
> normal build environments.
>
> This is the log without your patch applied
>
> Lucas
As noted in the changelog for 5.6.34 at
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html,
5.6.34 contains a change that requires packaging changes and could
potentially impact users:
By default the server will restrict the server's access for SELECT INTO
OUTFILE and LOAD DATA
As noted in the changelog for 5.5.53 at
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html,
MySQL 5.5.53 contains a change that requires packaging changes and could
potentially impact users:
By default the server will restrict the server's access for SELECT INTO
OUTFILE and LOAD
Hi,
We've had a fix for this prepared for some time now, but haven't been
able to find anyone to sponsor an upload to unstable. Do you know anyone
who might be able to help?
It's ready to go from the mysql-5.7/debian/master branch at
https://anonscm.debian.org/cgit/pkg-mysql/mysql.git
--
Hi,
There isn't really a way to verify the thread safety aside from what's
in the test suite, but how old systems do you consider when you say «old
boxes»? Ones with eol'ed versions of MySQL (< 5.5)?
In 5.5 and 5.6 there's no difference between libmysqlclient and
libmysqlclient_r, as the
Hi,
On 12/06/2016 05:55 PM, Andreas Beckmann wrote:
Package: mysql-server-core-5.7
Version: 5.7.16-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'jessie'.
It installed fine in 'jessie', then
Verified on my own build vm.
Looking at https://buildd.debian.org/status/package.php?p=mysql-5.6=sid
the m68k build failed like this before as well, and it was last attempted more
recently than the rest. So I'm guessing something we need is no longer
available in the minimal sid chroot by
5.7 has a fix for this in place (editline uses a different datatype in newer
versions). At first glance it looks like it should be simple to apply the same
fix for 5.6.
--
Lars
- a...@debian.org wrote:
> Source: mysql-5.6
> Version: 5.6.34-1
> Severity: serious
> Justification: fails to
- gabs...@lelutin.ca wrote:
> Ugh, I fail at reportbug again :(
>
> real sorry about the initial report.
>
> here's the real description of the problem:
>
>
> when upgrading from jessie to stretch, the upgrade goes through
> without
> an error but the end result is that mysql-server-5.5
On 03/15/2017 09:01 AM, Otto Kekäläinen wrote:
Hello!
One way to make this an easier transition would be to have a
mysql-server package in stretch that's a dummy package that depends
on
default-mysql-server, and that has an upgrade notice about the
transition to mariadb that is happening.
On 03/15/2017 07:25 AM, Gabriel Filion wrote:
Lars Tangvald:
- gabs...@lelutin.ca wrote:
Ugh, I fail at reportbug again :(
real sorry about the initial report.
here's the real description of the problem:
when upgrading from jessie to stretch, the upgrade goes through
without
for 5.5
--
Lars
On 19. april 2017 15:30, Salvatore Bonaccorso wrote:
Hi Lars,
On Wed, Apr 19, 2017 at 04:26:30AM -0700, Lars Tangvald wrote:
Hi,
We've prepared and tested the update to MySQL 5.5.55 for Jessie.
Debdiff output is attached.
Only packaging changes are one refreshed patch and one
Hi,
- car...@debian.org wrote:
> Hi Lars,
>
> On Wed, Apr 19, 2017 at 04:26:30AM -0700, Lars Tangvald wrote:
> > Hi,
> >
> >
> > We've prepared and tested the update to MySQL 5.5.55 for Jessie.
> > Debdiff output is attached.
> > Only pack
Hei,
Denne patchen:
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/tree/debian/patches/fix_use_after_free_in_mysql_prune_stmt_list.patch?h=debian/wheezy
Ble lagt til (kun debian 7) for 5.5.54, og får konflikt i 5.5.55. Har du tid
til å ta en titt og evt. lage oppdatert patch?
--
Lars
On 04/21/2017 08:04 AM, Salvatore Bonaccorso wrote:
Hi Lars,
On Fri, Apr 21, 2017 at 06:07:40AM +0200, Lars Tangvald wrote:
Hi,
I lost internet connectivity where I am right now, so probably unable to get
this done until Monday. Could maybe use the previous debdiff for Jessie if
you're ok
Whoops, that went to the wrong address...
Message just says that a patch added by the lts team to 5.5.54 doesn't apply on
5.5.55 :)
--
Lars
- lars.tangv...@oracle.com wrote:
> Hei,
>
> Denne patchen:
>
CVE list for 5.5:
CVE-2017-3302
CVE-2017-3305
CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3453
CVE-2017-3456
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3600
--
Lars
CVE List for 5.7:
CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3331
CVE-2017-3450
CVE-2017-3453
CVE-2017-3454
CVE-2017-3455
CVE-2017-3456
CVE-2017-3457
CVE-2017-3458
CVE-2017-3459
CVE-2017-3460
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3465
CVE-2017-3467
CVE-2017-3468
will update the bug with CVE numbers when they become available, and
test the update to ensure there are no packaging issues that need
addressing.
Regards,
Lars Tangvald
[1]
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Hi,
I'll look into this (wouldn't normally take long since there aren't that many
changes in 5.5, but most of us are on vacation) and get back to you.
That said, if this is not a regression/bug, then it _is_ likely to be a change
made precisely for security reasons.
What exactly do you use the
will update the bug with CVE numbers when they become available, and
test the update to ensure there are no packaging issues that need
addressing.
Regards,
Lars Tangvald
[1]
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
CVE List for 5.7:
CVE-2017-3529
CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3637
CVE-2017-3638
CVE-2017-3639
CVE-2017-3640
CVE-2017-3641
CVE-2017-3642
CVE-2017-3643
CVE-2017-3644
CVE-2017-3645
CVE-2017-3646
CVE-2017-3647
CVE-2017-3648
CVE-2017-3649
CVE-2017-3650
CVE-2017-3651
CVE list for 5.5:
CVE-2017-3635
CVE-2017-3636
CVE-2017-3641
CVE-2017-3648
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653
--
Lars
On 04/24/2017 10:27 AM, Salvatore Bonaccorso wrote:
Hi Lars,
On Mon, Apr 24, 2017 at 07:59:36AM +0200, Lars Tangvald wrote:
On 04/21/2017 08:04 AM, Salvatore Bonaccorso wrote:
Hi Lars,
On Fri, Apr 21, 2017 at 06:07:40AM +0200, Lars Tangvald wrote:
Hi,
I lost internet connectivity where
Are there files in /var/lib/mysql (or other location if a custom datadir
is used) or /etc/mysql before installation? Even if it's a "fresh"
install there may be files present in those locations, and then MySQL
would try to continue using them.
Older packages also didn't remove any of these
CVE List for 5.7:
CVE-2017-3731
CVE-2017-10155
CVE-2017-10165
CVE-2017-10167
CVE-2017-10227
CVE-2017-10268
CVE-2017-10276
CVE-2017-10279
CVE-2017-10283
CVE-2017-10284
CVE-2017-10286
CVE-2017-10294
CVE-2017-10296
CVE-2017-10311
CVE-2017-10313
CVE-2017-10314
CVE-2017-10320
CVE-2017-10365
On 10/19/2017 10:09 AM, Emilio Pozuelo Monfort wrote:
On 18/10/17 20:46, Salvatore Bonaccorso wrote:
Hi lars,
On Wed, Oct 18, 2017 at 03:51:26PM +0200, Lars Tangvald wrote:
Hi,
5.5.58 packages for Debian 7 and 8 are built, and pass the test suite.
Attached are debdiff files for Wheezy
CVE List for 5.5:
CVE-2017-10268
CVE-2017-10378
CVE-2017-10379
CVE-2017-10384
--
Lars
On 13. okt. 2017 12:34, Norvald H. Ryeng wrote:
Source: mysql-5.5
Version: 5.5.57-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for October 2017 will be
On 01/31/2018 02:19 PM, Olaf van der Spek wrote:
Hi,
Anyone else have any good ideas on how to handle this?
I do. The solution is quite simple: do not, ever, remove user data / databases.
It makes everything so much simpler, both on the user side and on the
dev side. No weird questions
Correction: This should be for 5.7.22, I think.
CVE List:
CVE-2018-0739
CVE-2018-2767
CVE-2018-3054
CVE-2018-3056
CVE-2018-3058
CVE-2018-3060
CVE-2018-3061
CVE-2018-3062
CVE-2018-3064
CVE-2018-3065
CVE-2018-3066
CVE-2018-3070
CVE-2018-3071
CVE-2018-3077
CVE-2018-3081
--
Lars
On 07/20/2018
Also note 5.7.23 has not yet been released (it will be out by the end of
the month).
--
Lars
On 07/20/2018 07:34 AM, Lars Tangvald wrote:
Correction: This should be for 5.7.22, I think.
CVE List:
CVE-2018-0739
CVE-2018-2767
CVE-2018-3054
CVE-2018-3056
CVE-2018-3058
CVE-2018-3060
CVE-2018
Hi,
We'll prepare the update once 5.7.22 has been released (the release is
almost always before the advisory, but not this time).
--
Lars
On 04/18/2018 03:00 PM, Salvatore Bonaccorso wrote:
Source: mysql-5.7
Version: 5.7.21-1
Severity: grave
Tags: security upstream
Hi
Detail at
Hi
5.7.24 has been released now. I'll prepare the upload for unstable.
--
Lars
On 17. okt. 2018 11:11, Salvatore Bonaccorso wrote:
Source: mysql-5.7
Version: 5.7.23-2
Severity: grave
Tags: security upstream
Hi
Details at
CVE List:
CVE-2018-0734
CVE-2019-2420
CVE-2019-2434
CVE-2019-2455
CVE-2019-2481
CVE-2019-2482
CVE-2019-2486
CVE-2019-2503
CVE-2019-2507
CVE-2019-2510
CVE-2019-2528
CVE-2019-2529
CVE-2019-2531
CVE-2019-2532
CVE-2019-2534
CVE-2019-2537
I'll build and test the update so we can get it uploaded.
--
CVE list for this:
CVE-2019-2910
CVE-2019-2911
CVE-2019-2914
CVE-2019-2922
CVE-2019-2923
CVE-2019-2924
CVE-2019-2938
CVE-2019-2946
CVE-2019-2948
CVE-2019-2960
CVE-2019-2969
CVE-2019-2974
CVE-2019-2993
CVE-2019-5443
We haven't been doing good at keeping this updated for the last releases
(the
Thanks. I'm waiting for maintainer access to the source package, and I
should be able to finally get all these closed.
--
Lars
On 28.01.2020 08:20, Salvatore Bonaccorso wrote:
Source: mysql-5.7
Version: 5.7.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
-2020-14870 CVE-2020-14873 CVE-2020-14878
- CVE-2020-14888 CVE-2020-14891 CVE-2020-14893
Ref: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
Regards,
Lars Tangvald
-2060 CVE-2021-2061 CVE-2021-2065 CVE-2021-2070
- CVE-2021-2072 CVE-2021-2076 CVE-2021-2081 CVE-2021-2088
- CVE-2021-2122
Ref: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL
Regards,
Lars Tangvald
Regards,
Lars Tangvald
-2424 CVE-2021-2425 CVE-2021-2426
- CVE-2021-2427 CVE-2021-2429 CVE-2021-2437 CVE-2021-2440
- CVE-2021-2441 CVE-2021-2444 CVE-2021-22901
Ref: https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL
Regards,
Lars Tangvald
Hi,
This is on me. I've been working on getting updates ready, but let
myself get bogged down with more long-running updates to the packaging
(which is pretty outdated with regards to things like the standards
version).
I'd like to make a better effort to keep it up-to-date (just focusing
98 matches
Mail list logo
