Your message dated Wed, 01 Nov 2023 18:16:31 +0000
with message-id <e1qyflx-002atd...@fasolo.debian.org>
and subject line Bug#1055034: fixed in mysql-8.0 8.0.35-1
has caused the Debian Bug report #1055034,
regarding mysql-8.0: CVE-2023-22032 CVE-2023-22059 CVE-2023-22064
CVE-2023-22066 CVE-2023-22068 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079
CVE-2023-22084 CVE-2023-22092 CVE-2023-22097 CVE-2023-22103 CVE-2023-22112
CVE-2023-22114
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1055034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-8.0
Version: 8.0.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2023-22032[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22059[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows low privileged attacker with network access via
| multiple protocols to compromise MySQL Server. Successful attacks
| of this vulnerability can result in unauthorized ability to cause a
| hang or frequently repeatable crash (complete DOS) of MySQL Server.
| CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22064[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior. Easily exploitable vulnerability
| allows high privileged attacker with network access via multiple
| protocols to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22066[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22068[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22070[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22078[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22079[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior. Easily exploitable vulnerability
| allows low privileged attacker with network access via multiple
| protocols to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 6.5 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22084[8]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22092[9]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior. Easily exploitable vulnerability
| allows high privileged attacker with network access via multiple
| protocols to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22097[10]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22103[11]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior and 8.1.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22112[12]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.34 and prior. Easily exploitable vulnerability
| allows high privileged attacker with network access via multiple
| protocols to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-22114[13]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server. Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-22032
https://www.cve.org/CVERecord?id=CVE-2023-22032
[1] https://security-tracker.debian.org/tracker/CVE-2023-22059
https://www.cve.org/CVERecord?id=CVE-2023-22059
[2] https://security-tracker.debian.org/tracker/CVE-2023-22064
https://www.cve.org/CVERecord?id=CVE-2023-22064
[3] https://security-tracker.debian.org/tracker/CVE-2023-22066
https://www.cve.org/CVERecord?id=CVE-2023-22066
[4] https://security-tracker.debian.org/tracker/CVE-2023-22068
https://www.cve.org/CVERecord?id=CVE-2023-22068
[5] https://security-tracker.debian.org/tracker/CVE-2023-22070
https://www.cve.org/CVERecord?id=CVE-2023-22070
[6] https://security-tracker.debian.org/tracker/CVE-2023-22078
https://www.cve.org/CVERecord?id=CVE-2023-22078
[7] https://security-tracker.debian.org/tracker/CVE-2023-22079
https://www.cve.org/CVERecord?id=CVE-2023-22079
[8] https://security-tracker.debian.org/tracker/CVE-2023-22084
https://www.cve.org/CVERecord?id=CVE-2023-22084
[9] https://security-tracker.debian.org/tracker/CVE-2023-22092
https://www.cve.org/CVERecord?id=CVE-2023-22092
[10] https://security-tracker.debian.org/tracker/CVE-2023-22097
https://www.cve.org/CVERecord?id=CVE-2023-22097
[11] https://security-tracker.debian.org/tracker/CVE-2023-22103
https://www.cve.org/CVERecord?id=CVE-2023-22103
[12] https://security-tracker.debian.org/tracker/CVE-2023-22112
https://www.cve.org/CVERecord?id=CVE-2023-22112
[13] https://security-tracker.debian.org/tracker/CVE-2023-22114
https://www.cve.org/CVERecord?id=CVE-2023-22114
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mysql-8.0
Source-Version: 8.0.35-1
Done: Lena Voytek <lena.voy...@canonical.com>
We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lena Voytek <lena.voy...@canonical.com> (supplier of updated mysql-8.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Oct 2023 10:15:57 -0700
Source: mysql-8.0
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.35-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: Lena Voytek <lena.voy...@canonical.com>
Closes: 1055034
Changes:
mysql-8.0 (8.0.35-1) unstable; urgency=medium
.
* Imported upstream version 8.0.35 to fix security issues
- https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL
- CVE-2023-2650 CVE-2023-22015 CVE-2023-22026 CVE-2023-22028 CVE-2023-22032
CVE-2023-22059 CVE-2023-22064 CVE-2023-22065 CVE-2023-22066
CVE-2023-22068 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079
CVE-2023-22084 CVE-2023-22092 CVE-2023-22095 CVE-2023-22097
CVE-2023-22103 CVE-2023-22104 CVE-2023-22110 CVE-2023-22111
CVE-2023-22112 CVE-2023-22113 CVE-2023-22114 CVE-2023-22115
CVE-2023-38545
Upstream release notes:
- https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-35.html
(Closes: #1055034)
* d/t/upstream: Ignore explain_json_all test since it is failing on s390x as
of version 8.0.34.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---