Bug#737597: marked as done (mariadb-5.5: CVE-2014-0001: command-line tool buffer overflow via long server version string)

[Debian Bug Tracking System]

Your message dated Tue, 18 Feb 2014 09:21:44 +0000
with message-id <e1wfgs4-0006rj...@franck.debian.org>
and subject line Bug#737597: fixed in mariadb-5.5 5.5.35-1
has caused the Debian Bug report #737597,
regarding mariadb-5.5: CVE-2014-0001: command-line tool buffer overflow via 
long server version string
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
737597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: mariadb-5.5
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for mariadb-5.5.

CVE-2014-0001[0]:
command-line tool buffer overflow via long server version string

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
    http://security-tracker.debian.org/tracker/CVE-2014-0001
[1] http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1054592

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: mariadb-5.5
Source-Version: 5.5.35-1

We believe that the bug you reported is fixed in the latest version of
mariadb-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 737...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Page <jamesp...@debian.org> (supplier of updated mariadb-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Feb 2014 16:51:52 +0000
Source: mariadb-5.5
Binary: libmariadbclient18 libmariadbd-dev libmariadbclient-dev mariadb-common 
mariadb-client-core-5.5 mariadb-client-5.5 mariadb-server-core-5.5 
mariadb-test-5.5 mariadb-server-5.5 mariadb-server mariadb-client mariadb-test
Architecture: source all amd64
Version: 5.5.35-1
Distribution: unstable
Urgency: low
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: James Page <jamesp...@debian.org>
Description: 
 libmariadbclient-dev - MariaDB database development files
 libmariadbclient18 - MariaDB database client library
 libmariadbd-dev - MariaDB embedded database development files
 mariadb-client - MariaDB database client (metapackage depending on the latest 
vers
 mariadb-client-5.5 - MariaDB database client binaries
 mariadb-client-core-5.5 - MariaDB database core client binaries
 mariadb-common - MariaDB common metapackage
 mariadb-server - MariaDB database server (metapackage depending on the latest 
vers
 mariadb-server-5.5 - MariaDB database server binaries
 mariadb-server-core-5.5 - MariaDB database core server files
 mariadb-test - MariaDB database regression test suite (metapackage for the 
lates
 mariadb-test-5.5 - MariaDB database regression test suite
Closes: 732967 733002 734426 735284 736480 737597
Changes: 
 mariadb-5.5 (5.5.35-1) unstable; urgency=low
 .
   [ Otto Kekäläinen ]
   * New upstream release, fixing the following security issues:
     - Buffer overflow in client/mysql.cc (Closes: #737597).
       - CVE-2014-0001
     - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
       - CVE-2013-5891
       - CVE-2013-5908
       - CVE-2014-0386
       - CVE-2014-0393
       - CVE-2014-0401
       - CVE-2014-0402
       - CVE-2014-0412
       - CVE-2014-0420
       - CVE-2014-0437
   * Upstream https://mariadb.atlassian.net/browse/MDEV-4902
     fixes compatibility with Bison 3.0 (Closes: #733002)
   * Updated Russian debconf translation (Closes: #734426)
   * Updated Japanese debconf translation (Closes: #735284)
   * Updated French debconf translation (Closes: #736480)
   * Renamed SONAME properly (Closes: #732967)
Checksums-Sha1: 
 aec5b5c77d545f642c49188e5f0551621ffee674 2944 mariadb-5.5_5.5.35-1.dsc
 b0587452283bbe9b27e222ab76e52c9c78fe9222 43926514 
mariadb-5.5_5.5.35.orig.tar.gz
 14278348bab9e3eab57f0adb1bf2cd68962d7e65 177524 
mariadb-5.5_5.5.35-1.debian.tar.xz
 eb470b5c5b205b522f1f0b2d62015c18045c8b1c 11000 mariadb-common_5.5.35-1_all.deb
 42e50fd609f9a6033a27dcb3ea78675baaff4abf 11108 mariadb-server_5.5.35-1_all.deb
 20467e63f62d1e408366a7c75fb9a14369af54b8 10974 mariadb-client_5.5.35-1_all.deb
 da10e116a5d3d1ffdeb0e04eef85207d9755ccd3 10928 mariadb-test_5.5.35-1_all.deb
 8b53d6ebb7d7ae37fbb87c419f89eeedbee16e51 544708 
libmariadbclient18_5.5.35-1_amd64.deb
 cacf36bed74512abd732a162e773ec4f03bd7c99 6870868 
libmariadbd-dev_5.5.35-1_amd64.deb
 97e615e236688ab9b5b7d67a638d600ecb1a23b8 1270220 
libmariadbclient-dev_5.5.35-1_amd64.deb
 12585f59d9ae656a2a182266ce7fefb0253eb227 729140 
mariadb-client-core-5.5_5.5.35-1_amd64.deb
 fbe737c5519b925b48eee619cf146e442f13c4bc 970598 
mariadb-client-5.5_5.5.35-1_amd64.deb
 6248aa293304bbd6a23fe32eb8b9f98c954632cf 3813040 
mariadb-server-core-5.5_5.5.35-1_amd64.deb
 b60d2754d87cd419de3281f5ce43c2c4d977e842 13003604 
mariadb-test-5.5_5.5.35-1_amd64.deb
 31cf31877ecaa7c28ee90de3514ab4cac509fe57 3637664 
mariadb-server-5.5_5.5.35-1_amd64.deb
Checksums-Sha256: 
 1b7544cafd199b1abf522f9baec0ac97c516a8988daf28a1cdae61d9706c5b2e 2944 
mariadb-5.5_5.5.35-1.dsc
 d3fe65f5cdfdff6eb422ba79f6364b5c157188ef21d394899624bbda1c34d328 43926514 
mariadb-5.5_5.5.35.orig.tar.gz
 abda85c135ceb2d1ce0581bc5f3e366f2a85c25f197170e7d5094783ea054f2f 177524 
mariadb-5.5_5.5.35-1.debian.tar.xz
 1e218832a7673776b9ba016e291f3217037e1c4d7d13328213fa69a72817977e 11000 
mariadb-common_5.5.35-1_all.deb
 63f2de28b5b6b2865237ba5e5024557a3ab96a99cec2c1e28c9f54dac4865c9f 11108 
mariadb-server_5.5.35-1_all.deb
 70795d6a46f1fe40a0a7b2202d378190c7963e2e17e20ecd6ded6aefe8efa174 10974 
mariadb-client_5.5.35-1_all.deb
 2c06766d8a38b633e98acafee2decf75f4a040c0a090528d84770a96df73a366 10928 
mariadb-test_5.5.35-1_all.deb
 cd1cb79394bdb24e49e9ad423e5700107095fa86502501064d47a497cae10a6d 544708 
libmariadbclient18_5.5.35-1_amd64.deb
 0d1b1c9f5b1dded899df1376e5936faf7d7dbca183f0e792bf0f2d687a1dcdb3 6870868 
libmariadbd-dev_5.5.35-1_amd64.deb
 29e6773b7cdcb9a01353c9404901672dccd87bc075b6b5d40f204597c2007dc2 1270220 
libmariadbclient-dev_5.5.35-1_amd64.deb
 521a4557df5d146eef56db0ca637821e77ef9b7e28ee8f33ea39d23b9aeb7c0b 729140 
mariadb-client-core-5.5_5.5.35-1_amd64.deb
 4c26b2fce6c384ddf27c5490e145354d49d6cf6a38d8d9377236d10333c2281c 970598 
mariadb-client-5.5_5.5.35-1_amd64.deb
 671cc7f4d84293551d3b76091c6832d2f594b725064bbd6eb7726edf0020c63d 3813040 
mariadb-server-core-5.5_5.5.35-1_amd64.deb
 f25eec4d1ad0ec7e3fa31070a5852fce90b2f6b7b7a639fd8ed933067f4f78e8 13003604 
mariadb-test-5.5_5.5.35-1_amd64.deb
 7f073b4673bce0d8b9cdbd7f401e1b589d0dfd77adec44624f3121acc50c7ea3 3637664 
mariadb-server-5.5_5.5.35-1_amd64.deb
Files: 
 72f933627fb6cbdab2f4a9c9b46822bf 2944 database optional 
mariadb-5.5_5.5.35-1.dsc
 bd619ca161f78ff3d6a2f40d3a69557e 43926514 database optional 
mariadb-5.5_5.5.35.orig.tar.gz
 02a3d6e6845d128531caa374db7d3ece 177524 database optional 
mariadb-5.5_5.5.35-1.debian.tar.xz
 2e8fea21759d784faf9aba2a12f0f5ba 11000 database optional 
mariadb-common_5.5.35-1_all.deb
 1487aceaddce099d0e0ee49a477abdec 11108 database optional 
mariadb-server_5.5.35-1_all.deb
 758e9357469fef5202b55332cc51a9b9 10974 database optional 
mariadb-client_5.5.35-1_all.deb
 3a19ee405818cea8e9fd92719a00c733 10928 database optional 
mariadb-test_5.5.35-1_all.deb
 d2a07f8fd1f3731b65b39de87160f413 544708 libs optional 
libmariadbclient18_5.5.35-1_amd64.deb
 f568ce2b65563c1dc23a87677f1539c5 6870868 libdevel optional 
libmariadbd-dev_5.5.35-1_amd64.deb
 1dd3e2a724204f67bd424375db50d197 1270220 libdevel optional 
libmariadbclient-dev_5.5.35-1_amd64.deb
 4ebf2d2f4b26db14dd21b6950b212a87 729140 database optional 
mariadb-client-core-5.5_5.5.35-1_amd64.deb
 1d10d9493140dcfa28bc8c798a758ce8 970598 database optional 
mariadb-client-5.5_5.5.35-1_amd64.deb
 ecfb4d7e78c3f348db0d4233bbf8ad3d 3813040 database optional 
mariadb-server-core-5.5_5.5.35-1_amd64.deb
 0121bdb5fb79ef7c776aaaeaf8f639d1 13003604 database optional 
mariadb-test-5.5_5.5.35-1_amd64.deb
 10e170f9cb3d05b7747d905352c795be 3637664 database optional 
mariadb-server-5.5_5.5.35-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTAyLJAAoJEL/srsug59jDgWUP/3io55BcPf5rQ1dxT06L1iYp
W07N7ftsL4g+YX10GPif5R75/OP6TYB+kVm14bCkYDERjW/3sFHd3i+UwrZ2+F9U
duwbrIsbEfBqVI7SR0P8Ffm9Nm5BwalOnmsgpz/pk3SzEO09TsymnwEu68KiYTTk
oqHY72hz95QlBIeaP+AaJrBkf51JY8YTw2RPnKDecZFaC5ubwjyLnFRPw08e2rBQ
OmgSY7Z6v3bGv3Bo74AWarE8lbbhdiGUaOff6C5k6LiBhSQ7X3EQvAFXsxvDRCdw
XS15oHMteMKLcwthf6R7sJI4srygAI0gdnyYfr4fhyghB2GpF7WWmIYJ2UmdTlXi
1mwklyItb3kcojCn3RdPAwxIyoJ4sQK5AeHT8YSrSpS56ys3rG762c6i8ebrb9P7
zmC9p71tdRC3yiHIBPO67dyAK7cwmeF4nEMSW5BxsEQR4P+JqwXnCK+ec/3uknDk
7nLP4dinZqSi1mpCYwaPN9CE89Zj5Yr1O4wBKOktHKb++Beyd1Y09ZHRyg5XS+0q
4wqaMdRR/Xu7D+bWtd6cjS2/cTs8O/UxqEun9ZnTuRLJB3Le4Bh1uj+tZGVvSSSW
qECF9S5b4zgENutcPgp47xolJP8yxqhcbfjEM+CzJLAlXT7L+OEB1y+IXg7Hpwx1
BRlU2IHM2lTYK7oCOFW2
=SS6s
-----END PGP SIGNATURE-----

--- End Message ---