Your message dated Sun, 30 Apr 2017 11:32:23 +0000 with message-id <e1d4n5t-00073t...@fasolo.debian.org> and subject line Bug#842895: fixed in mariadb-10.0 10.0.29-0+deb8u1 has caused the Debian Bug report #842895, regarding mariadb-10.0: CVE-2016-6664 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842895 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mariadb-10.0 Version: 10.0.16-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerabilities were published for mariadb-10.0. CVE-2016-6664[0], which is a duplicate of CVE-2016-5617. CVE-2016-5617[1]: | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 | and earlier, and 5.7.14 and earlier allows local users to affect | confidentiality, integrity, and availability via vectors related to | Server: Error Handling. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6664 [1] https://security-tracker.debian.org/tracker/CVE-2016-5617 [2] http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mariadb-10.0 Source-Version: 10.0.29-0+deb8u1 We believe that the bug you reported is fixed in the latest version of mariadb-10.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Otto Kekäläinen <o...@debian.org> (supplier of updated mariadb-10.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Jan 2017 09:51:30 +0200 Source: mariadb-10.0 Binary: libmariadbd-dev mariadb-common mariadb-client-core-10.0 mariadb-client-10.0 mariadb-server-core-10.0 mariadb-test-10.0 mariadb-server-10.0 mariadb-server mariadb-client mariadb-test mariadb-connect-engine-10.0 mariadb-oqgraph-engine-10.0 Architecture: source amd64 all Version: 10.0.29-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org> Changed-By: Otto Kekäläinen <o...@debian.org> Description: libmariadbd-dev - MariaDB embedded database development files mariadb-client - MariaDB database client (metapackage depending on the latest vers mariadb-client-10.0 - MariaDB database client binaries mariadb-client-core-10.0 - MariaDB database core client binaries mariadb-common - MariaDB common metapackage mariadb-connect-engine-10.0 - Connect storage engine for MariaDB mariadb-oqgraph-engine-10.0 - OQGraph storage engine for MariaDB mariadb-server - MariaDB database server (metapackage depending on the latest vers mariadb-server-10.0 - MariaDB database server binaries mariadb-server-core-10.0 - MariaDB database core server files mariadb-test - MariaDB database regression test suite (metapackage for the lates mariadb-test-10.0 - MariaDB database regression test suite Closes: 842895 851755 Changes: mariadb-10.0 (10.0.29-0+deb8u1) jessie-security; urgency=high . * New upstream release 10.0.29. Includes fixes for the following security vulnerabilities (Closes: #851755, #842895): - CVE-2017-3318 - CVE-2017-3317 - CVE-2017-3312 - CVE-2017-3291 - CVE-2017-3265 - CVE-2017-3258 - CVE-2017-3257 - CVE-2017-3244 - CVE-2017-3243 - CVE-2017-3238 - CVE-2016-6664 Checksums-Sha1: 296e04eaa4d8d4b2aa22cd921dbd27ef72740dff 3165 mariadb-10.0_10.0.29-0+deb8u1.dsc e8a070efde96a15ec687f310edbcc37e464120cc 63385696 mariadb-10.0_10.0.29.orig.tar.gz 1e70ad179cf4149ecea288eae9056169041933c7 189032 mariadb-10.0_10.0.29-0+deb8u1.debian.tar.xz b86ce68466abcd008aba169385173775c885dc6b 8372154 libmariadbd-dev_10.0.29-0+deb8u1_amd64.deb f2fb4050007d4779220eadef1d258371c79d103a 17094 mariadb-common_10.0.29-0+deb8u1_all.deb 3319b5d9bda5a6a32cd9135a836fd14a1eba09c0 800972 mariadb-client-core-10.0_10.0.29-0+deb8u1_amd64.deb db6c3239d91386ad441fd847949bef0ccff3395e 1158234 mariadb-client-10.0_10.0.29-0+deb8u1_amd64.deb 8729c0cf987b88b31a6903f6b4dc44f3b02e27bc 4705810 mariadb-server-core-10.0_10.0.29-0+deb8u1_amd64.deb f231e9d7526de6400afa087a47ae9b1993ff2b4b 30564242 mariadb-test-10.0_10.0.29-0+deb8u1_amd64.deb 9d0072487c73edd6d2e7df5ffc47e150a3ea087e 5966020 mariadb-server-10.0_10.0.29-0+deb8u1_amd64.deb edea51bdaee9ac7a7736fed9458f094fc5b8b258 16794 mariadb-server_10.0.29-0+deb8u1_all.deb a0be4496eefad3cf19f74b989eb23497a76f80d2 16662 mariadb-client_10.0.29-0+deb8u1_all.deb c8dc5dc4fb5fb62190c83defde5d6351df953214 16610 mariadb-test_10.0.29-0+deb8u1_all.deb 84ecc5ec19484374b518ecca5747431f15d1d632 411666 mariadb-connect-engine-10.0_10.0.29-0+deb8u1_amd64.deb 97899a973f8af498ae4772ef2cc249505134a47a 76732 mariadb-oqgraph-engine-10.0_10.0.29-0+deb8u1_amd64.deb Checksums-Sha256: 19a1d740f69ceb578177f8ad886ca86f00c4159ad911d85cf811b93a76beb66e 3165 mariadb-10.0_10.0.29-0+deb8u1.dsc f5f8da646f7df4b1fb21adb8d2b15e6dfbe1964ceb8cea53207d580a464350f4 63385696 mariadb-10.0_10.0.29.orig.tar.gz ba3642452f37d6245c688867fa65dd2466b58fc1cc122e6006f38cf5f80d7252 189032 mariadb-10.0_10.0.29-0+deb8u1.debian.tar.xz 2dc0c9cfd06f23ba31394dbc0c6950d76dd979b8fc15f61abf368b9b57c5bc81 8372154 libmariadbd-dev_10.0.29-0+deb8u1_amd64.deb afd1cd38ec3a7b04e7acb3244f0e64936ca2fcd36c3f8655952849a70104d7b4 17094 mariadb-common_10.0.29-0+deb8u1_all.deb 2059d4ea3c2297bc2ef35f1e39931b5257f7e7c2f7cfa1d1e7cbb0f6da16809f 800972 mariadb-client-core-10.0_10.0.29-0+deb8u1_amd64.deb 45cf45a401253a275ec46b1454b8d6bdf9ba6e981596cae8ee36180fbcda3b69 1158234 mariadb-client-10.0_10.0.29-0+deb8u1_amd64.deb 935616842f1229cd9e7cc7dbc8ee84cc37180b5a010da62893d8fa8500de5f5f 4705810 mariadb-server-core-10.0_10.0.29-0+deb8u1_amd64.deb a2bfb707cdbcc4e979aded974f128ed1462a52bf04ac058505755192da520a96 30564242 mariadb-test-10.0_10.0.29-0+deb8u1_amd64.deb 6359ec568220466286b190b534aecb3b51b06cdedc48f5cdd805372b763ab24c 5966020 mariadb-server-10.0_10.0.29-0+deb8u1_amd64.deb ba4107b1b7e5099aecce4f5b7d8b82c2c7598c84f83d5c189103747a567d8665 16794 mariadb-server_10.0.29-0+deb8u1_all.deb c609a2bd2ad948a4acddeb1fed45649d6567b79faa0059e6949c7ae8d9906263 16662 mariadb-client_10.0.29-0+deb8u1_all.deb 85d5fc26a006fcf37564a8698826cb6fbff73ff67c636c5315fdb6f7282726b3 16610 mariadb-test_10.0.29-0+deb8u1_all.deb 3536f58843bc98cdf21611e964219060e9e01231cb1b2478c98803b8b9e1663e 411666 mariadb-connect-engine-10.0_10.0.29-0+deb8u1_amd64.deb 73ad08076da9213ff1e65f3326e4f010eb170b0302f1e1dacb8b3606b3479c92 76732 mariadb-oqgraph-engine-10.0_10.0.29-0+deb8u1_amd64.deb Files: 2e0404c0a784bca96a5753534906e191 3165 database optional mariadb-10.0_10.0.29-0+deb8u1.dsc 008bda69b41155f6d6767c2d0a476255 63385696 database optional mariadb-10.0_10.0.29.orig.tar.gz 43f65276eb66c2c283b10f752fc78605 189032 database optional mariadb-10.0_10.0.29-0+deb8u1.debian.tar.xz abd03b1bd24f633c3563b0e12da604c9 8372154 libdevel optional libmariadbd-dev_10.0.29-0+deb8u1_amd64.deb 1c415151f4d6b6ab1b7a001d6f710680 17094 database optional mariadb-common_10.0.29-0+deb8u1_all.deb 162ad44973c5c0d08e82f173bdf62feb 800972 database optional mariadb-client-core-10.0_10.0.29-0+deb8u1_amd64.deb 9c0bb1df0f9d7e60001c682af84d005d 1158234 database optional mariadb-client-10.0_10.0.29-0+deb8u1_amd64.deb bc5ec19bf99731a5a39cafa5e7de7f05 4705810 database optional mariadb-server-core-10.0_10.0.29-0+deb8u1_amd64.deb c40a47d913125ca9fb61af6407b8ebac 30564242 database optional mariadb-test-10.0_10.0.29-0+deb8u1_amd64.deb c23c99d0d9a5cb4c98c10f7a4fc08d1a 5966020 database optional mariadb-server-10.0_10.0.29-0+deb8u1_amd64.deb f99ffaaf1c0f60fc34a42c06911bc711 16794 database optional mariadb-server_10.0.29-0+deb8u1_all.deb 84d5048be160697ecc2dfc45a5e68a60 16662 database optional mariadb-client_10.0.29-0+deb8u1_all.deb 93205fc7ffb55ae2b3981237dc2d421e 16610 database optional mariadb-test_10.0.29-0+deb8u1_all.deb 3e4ebf546ae9e2cbd6c33275dbe431ee 411666 database optional mariadb-connect-engine-10.0_10.0.29-0+deb8u1_amd64.deb f915f4b12597e9257dcd78adc6e79310 76732 database optional mariadb-oqgraph-engine-10.0_10.0.29-0+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJYg8zwAAoJEL7YRJ/O6NqI24YP/R9zXsT3C+TAiHxAQvtBT8PT EPDJivfmNuqcDcHnoHV/EtC6ipZja0z5BactTJJFPAFbixpkTnhdCAQw3jXyFPv2 qowe+osnq9/NNV2sM3b42Y7m5cTMZ5KPKNcpeAj0tZ2ueUWdS0Sn4fBallbYV/BT A2VlrBAYa1+8Anfdf1lNzI3+QzbTBhFzHvFy8GJmZEg2dgBaV6OLv2fzDCwpqXyQ UcHSjd2JEMlWdRBRvW5loaWiq+7FaByuTT9BjLHQnDGqoEi8DKUDRIfQdTZHo5DT 3NTBKNyZOB10xXOLzqmNU8ktbIsUpEFfhIocZd4ZfndLUUk0vJdVwma1pwnGPYCi pdaHja8/uyH6yujc35hfaiM1h7vPGnXNQB9KRe5gylk5lVNY3bIj4W9cZGXaSUzi g/spaTJ9exGe+UsZDt5JGzJ0Na8cNtMDp4EAbtHbVUT4l34U0R0zem4I23V6L9J1 IK1NkwoM1D1EgvSHx68BZU9ravb5q+Yy5WyulxnHOskenGe5UVx9YC/UoLH4cjir p3e/cDc8xjDPRLA2tR9LRO/HnKEbJsabo2TK+gvcAzM9rUFD/jh14YR1UKvccZXE BrxKTXmg43txXuAB6HfAcy7PQinWL6/gv76KcItMGr/B0Ew5q4YCXLLD2dZ0+zZy B2QWaQky4OS3DPneJUCa =xgF6 -----END PGP SIGNATURE-----
--- End Message ---
