Your message dated Mon, 27 Oct 2025 13:10:05 +0000
with message-id <[email protected]>
and subject line Bug#1118543: fixed in mysql-8.0 8.0.44-1
has caused the Debian Bug report #1118543,
regarding mysql-8.0: CVE-2025-53040 CVE-2025-53042 CVE-2025-53044
CVE-2025-53045 CVE-2025-53053 CVE-2025-53054 CVE-2025-53062 CVE-2025-53069
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1118543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118543
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mysql-8.0
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-53040[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53042[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53044[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53045[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53053[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DML). Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-53054[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2025-53062[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53069[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Components Services). Supported versions that
| are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-53040
https://www.cve.org/CVERecord?id=CVE-2025-53040
[1] https://security-tracker.debian.org/tracker/CVE-2025-53042
https://www.cve.org/CVERecord?id=CVE-2025-53042
[2] https://security-tracker.debian.org/tracker/CVE-2025-53044
https://www.cve.org/CVERecord?id=CVE-2025-53044
[3] https://security-tracker.debian.org/tracker/CVE-2025-53045
https://www.cve.org/CVERecord?id=CVE-2025-53045
[4] https://security-tracker.debian.org/tracker/CVE-2025-53053
https://www.cve.org/CVERecord?id=CVE-2025-53053
[5] https://security-tracker.debian.org/tracker/CVE-2025-53054
https://www.cve.org/CVERecord?id=CVE-2025-53054
[6] https://security-tracker.debian.org/tracker/CVE-2025-53062
https://www.cve.org/CVERecord?id=CVE-2025-53062
[7] https://security-tracker.debian.org/tracker/CVE-2025-53069
https://www.cve.org/CVERecord?id=CVE-2025-53069
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: mysql-8.0
Source-Version: 8.0.44-1
Done: Lena Voytek <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mysql-8.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lena Voytek <[email protected]> (supplier of updated mysql-8.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Oct 2025 08:34:23 -0400
Source: mysql-8.0
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.44-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Lena Voytek <[email protected]>
Closes: 1111906 1118115 1118543
Changes:
 mysql-8.0 (8.0.44-1) unstable; urgency=medium
 .
   * Import upstream version 8.0.44 to fix security issues
     - https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixMSQL
     - CVE-2025-53040 CVE-2025-53042 CVE-2025-53044 CVE-2025-53045
       CVE-2025-53053 CVE-2025-53054 CVE-2025-53062 CVE-2025-53069
     Upstream release notes:
     - https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-44.html
     (Closes: #1118543)
   * Remove suggests packages no longer in debian and update recommends
     (Closes: #1118115)
 .
   [ Luca Monducci ]
   * Update it.po translation file (Closes: #1111906)
--- End Message ---