mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] : """ Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. """
[0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-5615 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1475294 Title: mysql 5.5.44, 5.6.25 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1475294/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs