Hi, Since Oracle no longer publishes detailed information about security vulnerabilities that are being fixed in MySQL, and their bug tracker is no longer public, Ubuntu must now track upstream MySQL releases as security updates.
MySQL 5.0.95 fixes the following CVEs: CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484, CVE-2012-0490. MySQL 5.1.61 fixes the following CVEs: CVE-2011-2262, CVE-2012-0075, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496. For more information about the CVEs listed, please consult the January 2012 Oracle Critical Patch Update Advisory: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Today, I have pushed updated MySQL 5.0.95 packages for Ubuntu 8.04 LTS, and updated MySQL 5.1.61 packages for Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10 into the -proposed pocket. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Please report any issues in the tracking bug: https://launchpad.net/bugs/937869 If no issues are reported, I plan on releasing the packages as security updates in a couple of weeks. Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-qa mailing list Ubuntu-qa@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-qa