Hi Lars, On Wed, Oct 19, 2016 at 10:38:22AM +0200, Lars Tangvald wrote: > Hi, > > On 10/19/2016 10:18 AM, Moritz Muehlenhoff wrote: > > Hi, > > > > On Wed, Oct 19, 2016 at 09:10:59AM +0200, Lars Tangvald wrote: > > > So for Linux we consider this fixed in 5.5.52, but the complete fix > > > was in 5.5.53. > > Is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984 > > addressed in 5.5.53? > No, this hasn't been changed. > If you take a look at > https://github.com/mysql/mysql-server/blob/5.5/scripts/mysqld_safe.sh (just > search for 'i386') you'll see it restricts it to intel architectures. > This is a whitelist of where the --malloc-lib option is allowed to be set, > and is restricted to the intel archs because we considered it of little use > on other architectures. > If needs to be available on other architectures we could make a patch in the > packaging to add them. > > > > Should I remove the CVE from the Debian changelog entry? > > That's not needed, we can add a comment to the Security Tracker. > Ok, thanks :)
What is the status for src:mysql-5.5 for a possible jessie-security upload? (Btw, if-and-only-if the package is still needed due to rebuild, then let's please fix the changelog entry as well.) Regards, Salvatore
