Your message dated Mon, 17 Mar 2014 10:23:47 +0000
with message-id <e1wpuhv-0006sl...@franck.debian.org>
and subject line Bug#741590: fixed in mysql-5.6 5.6.16-1~exp1
has caused the Debian Bug report #741590,
regarding mysql-5.6: CVE-2014-0001: command-line tool buffer overflow via long
server version string
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
741590: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741590
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-5.5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for mysql-5.5.

CVE-2014-0001[0]:
command-line tool buffer overflow via long server version string

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
    http://security-tracker.debian.org/tracker/CVE-2014-0001
[1] http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1054592

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mysql-5.6
Source-Version: 5.6.16-1~exp1
We believe that the bug you reported is fixed in the latest version of
mysql-5.6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 741...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Page <james.p...@ubuntu.com> (supplier of updated mysql-5.6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Mar 2014 08:56:24 +0000
Source: mysql-5.6
Binary: mysql-common-5.6 mysql-client-core-5.6 mysql-client-5.6
mysql-server-core-5.6 mysql-server-5.6 mysql-testsuite-5.6 mysql-source-5.6
Architecture: source all amd64
Version: 5.6.16-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: James Page <james.p...@ubuntu.com>
Description:
mysql-client-5.6 - MySQL database client binaries
mysql-client-core-5.6 - MySQL database core client binaries
mysql-common-5.6 - MySQL 5.6 specific common files, e.g.
/etc/mysql/conf.d/my-5.6.cn
mysql-server-5.6 - MySQL database server binaries and system database setup
mysql-server-core-5.6 - MySQL database server binaries
mysql-source-5.6 - MySQL source
mysql-testsuite-5.6 - MySQL 5.6 testsuite
Closes: 741590
Changes:
 mysql-5.6 (5.6.16-1~exp1) experimental; urgency=medium
 .
   * New upstream point release:
     - d/p/*: Refreshed.
   * d/rules: Don't run dh_install with --fail-missing and exclusions until
     package is a complete replacement for mysql-5.5.
   * d/p/CVE-2014-0001.patch:
     - Fix buffer overflow in client/mysql.cc via a long server version string.
       CVE-2014-0001 (Closes: #741590).
   * d/mysql-server-5.6.mysql.upstart: Add upstart configuration.
   * d/tests/*,control: Add autopkgtest from mysql-5.5:
     - disable binlog.binlog_server_start_options as it requires writable /usr.
     - disable build autopkgtest until package ships libmysqlclient18.
   * d/rules,mysql-server-5.6.install,apparmor-profile: Fixup install of
     apparmor profile.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---