Your message dated Mon, 07 Dec 2020 20:53:29 +0000
with message-id <[email protected]>
and subject line Bug#972623: fixed in mysql-8.0 8.0.22-1
has caused the Debian Bug report #972623,
regarding Security fixes from the October 2020 CPU
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972623
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mysql-8.0
Version: 8.0.21
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for October 2020 lists CVEs affecting
MySQL 8.0
that are fixed in 8.0.22
CVE list:
- CVE-2020-14672 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771
- CVE-2020-14773 CVE-2020-14775 CVE-2020-14776 CVE-2020-14777
- CVE-2020-14785 CVE-2020-14786 CVE-2020-14789 CVE-2020-14790
- CVE-2020-14791 CVE-2020-14793 CVE-2020-14794 CVE-2020-14799
- CVE-2020-14800 CVE-2020-14804 CVE-2020-14809 CVE-2020-14812
- CVE-2020-14814 CVE-2020-14821 CVE-2020-14827 CVE-2020-14828
- CVE-2020-14829 CVE-2020-14830 CVE-2020-14836 CVE-2020-14837
- CVE-2020-14838 CVE-2020-14839 CVE-2020-14844 CVE-2020-14845
- CVE-2020-14846 CVE-2020-14848 CVE-2020-14852 CVE-2020-14860
- CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868
- CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14878
- CVE-2020-14888 CVE-2020-14891 CVE-2020-14893
Ref: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
Regards,
Lars Tangvald
--- End Message ---
--- Begin Message ---
Source: mysql-8.0
Source-Version: 8.0.22-1
Done: Lars Tangvald <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lars Tangvald <[email protected]> (supplier of updated mysql-8.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Oct 2020 09:37:54 +0000
Source: mysql-8.0
Architecture: source
Version: 8.0.22-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Lars Tangvald <[email protected]>
Closes: 972623
Launchpad-Bugs-Fixed: 1882527
Changes:
mysql-8.0 (8.0.22-1) unstable; urgency=medium
.
* Imported upstream version 8.0.22 to fix security issues:
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
- CVE-2020-14672 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771
- CVE-2020-14773 CVE-2020-14775 CVE-2020-14776 CVE-2020-14777
- CVE-2020-14785 CVE-2020-14786 CVE-2020-14789 CVE-2020-14790
- CVE-2020-14791 CVE-2020-14793 CVE-2020-14794 CVE-2020-14799
- CVE-2020-14800 CVE-2020-14804 CVE-2020-14809 CVE-2020-14812
- CVE-2020-14814 CVE-2020-14821 CVE-2020-14827 CVE-2020-14828
- CVE-2020-14829 CVE-2020-14830 CVE-2020-14836 CVE-2020-14837
- CVE-2020-14838 CVE-2020-14839 CVE-2020-14844 CVE-2020-14845
- CVE-2020-14846 CVE-2020-14848 CVE-2020-14852 CVE-2020-14860
- CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868
- CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14878
- CVE-2020-14888 CVE-2020-14891 CVE-2020-14893
(Closes: #972623)
* d/patches: Dropped patches for issues fixed upstream
fix_expired_test_certs.patch and fix_mariadb_charset_segfault.patch
* d/rules: Link system libs by default
Ensures that if new dependencies are added we use system instead
of bundled versions, where possible.
* d/install: Added new upstream plugins for MySQL Router
* d/systemd: Disable service timeout
For large databases, the service could timeout on stop, possibly
leading to data corruption during a system shutdown.
(LP: #1882527)
Checksums-Sha1:
9a1534d840cb8c031cb8b1e675ac43d0ee93c693 3646 mysql-8.0_8.0.22-1.dsc
0bf6f95fa5cf925e9cee1edab765c694cb7571bd 285934450 mysql-8.0_8.0.22.orig.tar.gz
310b6d873b72520e647521218ada95e8ab1e5339 232 mysql-8.0_8.0.22.orig.tar.gz.asc
37bfc4199cbd383a9b67b8c528dab64b6934e28a 157412
mysql-8.0_8.0.22-1.debian.tar.xz
8f96fc06cf12186dffbd90c43e2ad261cfd7c068 9510
mysql-8.0_8.0.22-1_source.buildinfo
Checksums-Sha256:
0a41d379e6155d05585363b8f838d009d62677acfa0c3ef1975a2fc0b9af2c70 3646
mysql-8.0_8.0.22-1.dsc
ba765f74367c638d7cd1c546c05c14382fd997669bcd9680278e907f8d7eb484 285934450
mysql-8.0_8.0.22.orig.tar.gz
7ab2c9eb24fc5799fb678d0f15d46a16f089fd364d3d0f3bb349e47a9106729a 232
mysql-8.0_8.0.22.orig.tar.gz.asc
6e75f582274597224f85b63f40a2c8a947021352ed708e77c3ac12af5e649cd9 157412
mysql-8.0_8.0.22-1.debian.tar.xz
de27322de9335064aad3875d4fb6bc7a2c7e6c5e4f2c6a4de68fad0483ad5d38 9510
mysql-8.0_8.0.22-1_source.buildinfo
Files:
6f8301423e93b15be1315b7e0e4153d8 3646 database optional mysql-8.0_8.0.22-1.dsc
2b2d93e8a3c1a29d875daf534ea87c81 285934450 database optional
mysql-8.0_8.0.22.orig.tar.gz
9c09d5932ce21467cefcce55d2a6b29d 232 database optional
mysql-8.0_8.0.22.orig.tar.gz.asc
4ffd7f77be64ef746c1bbaae6ee4a457 157412 database optional
mysql-8.0_8.0.22-1.debian.tar.xz
ddc718c6777cc2aa309c09286b14bfff 9510 database optional
mysql-8.0_8.0.22-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJNBAEBCgA3FiEEs50nRMHhVwTIkl6XZjk8wjhkwT8FAl/OZj8ZHGxhcnMudGFu
Z3ZhbGRAb3JhY2xlLmNvbQAKCRBmOTzCOGTBP1DXEACbnTv2D27plri8lRfdw+c5
fQIxdsjFbYW/X471FivqEhjHnf8nWuPjKrLohQfWGVXJaWUKDbAo5kuudUZWEDQB
RoSj0A21XyRKMZYxm2bRyREJrTP2wB2w52OytKew0H03uHXL+Tu5YVlWZlFZ2IUC
mPYM5W9Pmwlp16MaD0+HHVmYTU6nbz8NyJbfj2hMpyBCTaY2FKrkgVfkUPujzVHD
mFC/8xNRmTsoSSKVEERWsvstpAzmivXcr2/bvy57svl86zkGjZvBauPu2wFIdMGe
+LxzFqaUUk+XVJBipLuNVrrLsTk8eeKMhg6mK6IB55yFn7cvRz/dLim1Pl58XH1P
fgz1DoGzPt5nZjGMxFAyTs8niHVroaOZhwvwRm0P0aDD+HpMChO+fTrHbQ4wqQsF
pwHeIJeZfrUQA3UkpvZxJayqHWCtM71R4Blq/cdPRYFOplaQczU1OGghct2HvJzP
ONFLvs+lGqFDz4C/Uhh+T1Pie3H3Y55DFS8/CXAr/XCu8VPZ9NGFgEs+cqgTR+Tb
K/FKcdleUSY5/LhaSwfjj7Sd+L8GLmAQewfg2TlO6JGPo+Kn73l+zLgof7cmWWs9
fjPijMJpCa7Dx3ZRfMVYNbmiGqw+DUkhzU3z7Z0KnIFreHcu4efj1RxTCp1g/a8c
ZBT7y9mI1PRsuTr+3Y34Xw==
=dKeQ
-----END PGP SIGNATURE-----
--- End Message ---
