Bug#1103385: marked as done (mysql-8.0: CVE-2025-30722 CVE-2025-30721 CVE-2025-30715 CVE-2025-30705 CVE-2025-30704 CVE-2025-30703 CVE-2025-30699 CVE-2025-30696 CVE-2025-30695 CVE-2025-30693 CVE-2025-30689 CVE-2025-30688 CVE-2025-30687 CVE-2025-30685 CVE-2025-30684 CVE-2025-30683 CVE-2025-30682 CVE-2025-30681 CVE-2025-21585 CVE-2025-21584 CVE-2025-21581 CVE-2025-21580 CVE-2025-21579 CVE-2025-21577 CVE-2025-21575 CVE-2025-21574)

Debian Bug Tracking System Thu, 17 Apr 2025 06:27:30 -0700

Your message dated Thu, 17 Apr 2025 13:24:35 +0000
with message-id <e1u5pej-000tnf...@fasolo.debian.org>
and subject line Bug#1103385: fixed in mysql-8.0 8.0.42-1
has caused the Debian Bug report #1103385,
regarding mysql-8.0: CVE-2025-30722 CVE-2025-30721 CVE-2025-30715 
CVE-2025-30705 CVE-2025-30704 CVE-2025-30703 CVE-2025-30699 CVE-2025-30696 
CVE-2025-30695 CVE-2025-30693 CVE-2025-30689 CVE-2025-30688 CVE-2025-30687 
CVE-2025-30685 CVE-2025-30684 CVE-2025-30683 CVE-2025-30682 CVE-2025-30681 
CVE-2025-21585 CVE-2025-21584 CVE-2025-21581 CVE-2025-21580 CVE-2025-21579 
CVE-2025-21577 CVE-2025-21575 CVE-2025-21574
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1103385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Difficult
| to exploit vulnerability allows low privileged attacker with network
| access via multiple protocols to compromise MySQL Client.
| Successful attacks of this vulnerability can result in  unauthorized
| access to critical data or complete access to all MySQL Client
| accessible data as well as  unauthorized update, insert or delete
| access to some of MySQL Client accessible data. CVSS 3.1 Base Score
| 5.9 (Confidentiality and Integrity impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).


CVE-2025-30721[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: UDF).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Difficult to exploit
| vulnerability allows high privileged attacker with logon to the
| infrastructure where MySQL Server executes to compromise MySQL
| Server.  Successful attacks require human interaction from a person
| other than the attacker. Successful attacks of this vulnerability
| can result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
| 4.0 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).


CVE-2025-30715[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Components Services).  Supported versions that
| are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30705[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: PS).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30704[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Components Services).  Supported versions that
| are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0.
| Difficult to exploit vulnerability allows high privileged attacker
| with network access via multiple protocols to compromise MySQL
| Server.  Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4
| (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30703[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in  unauthorized update,
| insert or delete access to some of MySQL Server accessible data.
| CVSS 3.1 Base Score 2.7 (Integrity impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).


CVE-2025-30699[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Stored Procedure).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30696[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: PS).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30695[8]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as  unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


CVE-2025-30693[9]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as  unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


CVE-2025-30689[10]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30688[11]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30687[12]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30685[13]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Replication).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30684[14]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Replication).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30683[15]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Replication).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30682[16]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-30681[17]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Replication).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a partial denial of service (partial DOS) of MySQL
| Server. CVSS 3.1 Base Score 2.7 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).


CVE-2025-21585[18]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21584[19]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DDL).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21581[20]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21580[21]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DML).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21579[22]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Options).  Supported versions that are affected
| are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21577[23]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows low privileged attacker with network access via
| multiple protocols to compromise MySQL Server.  Successful attacks
| of this vulnerability can result in unauthorized ability to cause a
| hang or frequently repeatable crash (complete DOS) of MySQL Server.
| CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21575[24]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Parser).  Supported versions that are affected
| are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows low privileged attacker with network access via
| multiple protocols to compromise MySQL Server.  Successful attacks
| of this vulnerability can result in unauthorized ability to cause a
| hang or frequently repeatable crash (complete DOS) of MySQL Server.
| CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-21574[25]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Parser).  Supported versions that are affected
| are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows low privileged attacker with network access via
| multiple protocols to compromise MySQL Server.  Successful attacks
| of this vulnerability can result in unauthorized ability to cause a
| hang or frequently repeatable crash (complete DOS) of MySQL Server.
| CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30722
    https://www.cve.org/CVERecord?id=CVE-2025-30722
[1] https://security-tracker.debian.org/tracker/CVE-2025-30721
    https://www.cve.org/CVERecord?id=CVE-2025-30721
[2] https://security-tracker.debian.org/tracker/CVE-2025-30715
    https://www.cve.org/CVERecord?id=CVE-2025-30715
[3] https://security-tracker.debian.org/tracker/CVE-2025-30705
    https://www.cve.org/CVERecord?id=CVE-2025-30705
[4] https://security-tracker.debian.org/tracker/CVE-2025-30704
    https://www.cve.org/CVERecord?id=CVE-2025-30704
[5] https://security-tracker.debian.org/tracker/CVE-2025-30703
    https://www.cve.org/CVERecord?id=CVE-2025-30703
[6] https://security-tracker.debian.org/tracker/CVE-2025-30699
    https://www.cve.org/CVERecord?id=CVE-2025-30699
[7] https://security-tracker.debian.org/tracker/CVE-2025-30696
    https://www.cve.org/CVERecord?id=CVE-2025-30696
[8] https://security-tracker.debian.org/tracker/CVE-2025-30695
    https://www.cve.org/CVERecord?id=CVE-2025-30695
[9] https://security-tracker.debian.org/tracker/CVE-2025-30693
    https://www.cve.org/CVERecord?id=CVE-2025-30693
[10] https://security-tracker.debian.org/tracker/CVE-2025-30689
    https://www.cve.org/CVERecord?id=CVE-2025-30689
[11] https://security-tracker.debian.org/tracker/CVE-2025-30688
    https://www.cve.org/CVERecord?id=CVE-2025-30688
[12] https://security-tracker.debian.org/tracker/CVE-2025-30687
    https://www.cve.org/CVERecord?id=CVE-2025-30687
[13] https://security-tracker.debian.org/tracker/CVE-2025-30685
    https://www.cve.org/CVERecord?id=CVE-2025-30685
[14] https://security-tracker.debian.org/tracker/CVE-2025-30684
    https://www.cve.org/CVERecord?id=CVE-2025-30684
[15] https://security-tracker.debian.org/tracker/CVE-2025-30683
    https://www.cve.org/CVERecord?id=CVE-2025-30683
[16] https://security-tracker.debian.org/tracker/CVE-2025-30682
    https://www.cve.org/CVERecord?id=CVE-2025-30682
[17] https://security-tracker.debian.org/tracker/CVE-2025-30681
    https://www.cve.org/CVERecord?id=CVE-2025-30681
[18] https://security-tracker.debian.org/tracker/CVE-2025-21585
    https://www.cve.org/CVERecord?id=CVE-2025-21585
[19] https://security-tracker.debian.org/tracker/CVE-2025-21584
    https://www.cve.org/CVERecord?id=CVE-2025-21584
[20] https://security-tracker.debian.org/tracker/CVE-2025-21581
    https://www.cve.org/CVERecord?id=CVE-2025-21581
[21] https://security-tracker.debian.org/tracker/CVE-2025-21580
    https://www.cve.org/CVERecord?id=CVE-2025-21580
[22] https://security-tracker.debian.org/tracker/CVE-2025-21579
    https://www.cve.org/CVERecord?id=CVE-2025-21579
[23] https://security-tracker.debian.org/tracker/CVE-2025-21577
    https://www.cve.org/CVERecord?id=CVE-2025-21577
[24] https://security-tracker.debian.org/tracker/CVE-2025-21575
    https://www.cve.org/CVERecord?id=CVE-2025-21575
[25] https://security-tracker.debian.org/tracker/CVE-2025-21574
    https://www.cve.org/CVERecord?id=CVE-2025-21574

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

Source: mysql-8.0
Source-Version: 8.0.42-1
Done: Lena Voytek <lena.voy...@canonical.com>

We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lena Voytek <lena.voy...@canonical.com> (supplier of updated mysql-8.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 18:05:42 -0400
Source: mysql-8.0
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.42-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: Lena Voytek <lena.voy...@canonical.com>
Closes: 1099806 1101821 1102290 1103385
Changes:
 mysql-8.0 (8.0.42-1) unstable; urgency=medium
 .
   * Imported upstream version 8.0.42 to fix security issues
     - https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL
     - CVE-2024-13176 CVE-2024-40896 CVE-2025-21574 CVE-2025-21575
       CVE-2025-21577 CVE-2025-21579 CVE-2025-21580 CVE-2025-21581
       CVE-2025-21584 CVE-2025-21585 CVE-2025-30681 CVE-2025-30682
       CVE-2025-30683 CVE-2025-30684 CVE-2025-30685 CVE-2025-30687
       CVE-2025-30688 CVE-2025-30689 CVE-2025-30693 CVE-2025-30695
       CVE-2025-30696 CVE-2025-30699 CVE-2025-30703 CVE-2025-30704
       CVE-2025-30705 CVE-2025-30710 CVE-2025-30715 CVE-2025-30721
       CVE-2025-30722 CVE-2025-30722
     Upstream release notes:
     - https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-42.html
     (Closes: #1103385)
 .
     [ Adriano Rafael Gomes ]
     * Update pt_BR.po translation file (Closes: #1099806)
 .
     [ Remus-Gabriel Chelu ]
     * Update ro.po translation file (Closes: #1101821)
 .
     [ Atila KOÇ ]
     * Update tr.po translation file (Closes: #1102290)
Checksums-Sha1:
 96015ce2834487104504ee9e14fdedc40e0c5bbe 3727 mysql-8.0_8.0.42-1.dsc
 31503fe27c476bee6c28c6289da717561126305d 492301593 mysql-8.0_8.0.42.orig.tar.gz
 ee76b3e5bebcf0b2a164161a4edaab5ff2a0ca61 833 mysql-8.0_8.0.42.orig.tar.gz.asc
 c4b663bb28b3176359bf8c8ec76f730a829d305a 146212 
mysql-8.0_8.0.42-1.debian.tar.xz
 3fe739001832acc56cdb683feaa7c83dc3f0179b 8764 
mysql-8.0_8.0.42-1_source.buildinfo
Checksums-Sha256:
 e8c0e337ad7859e1aea26b73eba4583b3d3735818eb3d7b246bbd2884d97eb6a 3727 
mysql-8.0_8.0.42-1.dsc
 c2aa67c618edfa1bc379107fe819ca8e94cba5d85f156d1053b8fedc88cc5f8f 492301593 
mysql-8.0_8.0.42.orig.tar.gz
 f88b9aa972cf54625e56f0b59c6350b196056c87503b580216d5d4fce634f348 833 
mysql-8.0_8.0.42.orig.tar.gz.asc
 86f9bc1d6ef605ddabf7d7176c346e3d8f610aedaa1f94bf807122ae96f944ce 146212 
mysql-8.0_8.0.42-1.debian.tar.xz
 07f51882b1f5927fffe8338ef99f8b750168d1f60802ac8d8b639f122e086088 8764 
mysql-8.0_8.0.42-1_source.buildinfo
Files:
 82ddf345319981a1ad2139a78789341b 3727 database optional mysql-8.0_8.0.42-1.dsc
 0f9afecb6fcfc6bdbb31e192e9b9e598 492301593 database optional 
mysql-8.0_8.0.42.orig.tar.gz
 b4be8e77a03c4f195196fd20c30822c9 833 database optional 
mysql-8.0_8.0.42.orig.tar.gz.asc
 49eb9eaf10b44f93652a87eff0d1e031 146212 database optional 
mysql-8.0_8.0.42-1.debian.tar.xz
 97e8cf70825c69d2397cfdcfb6e0afb2 8764 database optional 
mysql-8.0_8.0.42-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEY+78PeFNUUbOfyS/NLitfZUp55MFAmgAME8ACgkQNLitfZUp
55N4Ug/9Hu5XLmOCcIptfvWbFagbsJx1zrEabX1NQQhQgfiILSfsyVuhz1PuwfoZ
3yDnQStqoJ0RDM58uTBcbhxkKJwvh/Y5Tdp2zry9LdnW+PxiNLCbw+YMf+2bNoqC
27ZC9rAFsWcYuxVXVwtA7tbPZ79bbnWs1zoIXN3JwxwFC9In7uMNDJ6hStnP8Swv
ikQdtC7eq1boh6mGppvzeoGSODSejNy6p9pS/0t2i1gEcBF1iaE61lD3omgJw6oR
XNf/uiXna79JHJ/1KDy4pXHIWzhyaQHEurNG6EkmCCsx/ofZcF/x8bkR8+wWrKtQ
7WqkcZ98AzynyBfxVpVdh19GTIEzljMmZ53s77KinwhEL1pertwoCXzNc7ZCFB+A
4OGWsehPyIi6bhgMoDZoQ0o9Uk09rx0q4cbelHPGTyKP3UtSYjH0tvkNnLvCu2e8
mhtlq0aulq6soEj8V9tEgaW9sOfog+Z31ojmzHDCDGSdhOQxU7xGoGTvoZMBsHC/
AAjU0mtU3kK9SxlTv1CUGVRmmZRt5ozGb5ypRSb4ohM2Z8P9xKgNyYDGu3VwIzSL
7vIolsQAKwwRHw8RPwMW3Dz/Zz2HMS8Ru5wDAIMgfYOPhSn7pgD5Am7YC8+xfL8P
4K8iROeolk0UIIgXt9ikxd5K4L7aWT4mRvYcV0ej8NcHibyrDU0=
=2DcS
-----END PGP SIGNATURE-----

pgpkadoqaYtAR.pgp
Description: PGP signature

--- End Message ---

Reply via email to