Bug#682210: marked as done (CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 CVE-2012-1689)

Thu, 26 Jul 2012 00:24:18 -0700 

Your message dated Thu, 26 Jul 2012 08:21:13 +0100
with message-id <5010efe9.1020...@periapt.co.uk>
and subject line mysql-5.5
has caused the Debian Bug report #682210,
regarding CVE-2012-1735 CVE-2012-0540 CVE-2012-1757 CVE-2012-1756 CVE-2012-1734 
CVE-2012-1689
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
682210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: mysql-5.5
Severity: grave
Tags: security

New MySQL security round:

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

CVE-2012-1735   MySQL Server    MySQL Protocol  Server Optimizer        No      
6.8     Network         Low     Single  None  None  Complete  5.5.23 and 
earlier   
CVE-2012-0540   MySQL Server    MySQL Protocol  GIS Extension           No      
4.0     Network         Low     Single  None  None  Partial+  5.1.62 and 
earlier, 5.5.23 and earlier   
CVE-2012-1757   MySQL Server    MySQL Protocol  InnoDB                  No      
4.0     Network         Low     Single  None  None  Partial+  5.5.23 and 
earlier   
CVE-2012-1756   MySQL Server    MySQL Protocol  Server                  No      
4.0     Network         Low     Single  None  None  Partial+  5.5.23 and 
earlier    
CVE-2012-1734   MySQL Server    MySQL Protocol  Server Optimizer        No      
4.0     Network         Low     Single  None  None  Partial+  5.1.62 and 
earlier, 5.5.23 and earlier   
CVE-2012-1689   MySQL Server    MySQL Protocol  Server Optimizer        No      
4.0     Network         Low     Single  None  None  Partial+  5.1.62 and 
earlier, 5.5.22 and earlier    

The advisory is confusing, I'm not sure which upstream version fixes these
issues. I'm afraid we'll have to update to a new upstream, though.

Maybe we can switch to a FLOSS-friendly fork like mariadb after Wheezy
release...

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
No reply from security team so closing.

--- End Message ---

Reply via email to