Bug 45106 - mysql-5.5: Multiple issues (4.1)
mysql-5.5: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-4-errata
Assigned To: Arvid Requate
Philipp Hahn
http://www.oracle.com/technetwork/sec...
:
Depends on: 44519
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-31 18:58 CEST by Arvid Requate
Modified: 2017-08-02 14:59 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-07-31 18:58:42 CEST
Upstream Debian package version 5.5.57-0+deb7u1 fixes these issues:

CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648
CVE-2017-3651 CVE-2017-3652 CVE-2017-3653
Comment 1 Arvid Requate univentionstaff 2017-07-31 20:33:02 CEST
arequate@dimma:~$ repo_admin.py -U -p mysql-5.5 -d wheezy -r 4.1 -s errata4.1-4
[...]
Hole:1 http://ftp.de.debian.org/debian-security/ wheezy/updates/main mysql-5.5 5.5.57-0+deb7u1 (dsc) [2.971 B]
Hole:2 http://ftp.de.debian.org/debian-security/ wheezy/updates/main mysql-5.5 5.5.57-0+deb7u1 (tar) [21,0 MB]
Hole:3 http://ftp.de.debian.org/debian-security/ wheezy/updates/main mysql-5.5 5.5.57-0+deb7u1 (diff) [380 kB
[...]

arequate@dimma:~$ b41-scope errata4.1-4 mysql-5.5                                                                                                                              

Advisory: mysql-5.5.yaml

Blocked by: Bug 44519
Comment 2 Philipp Hahn univentionstaff 2017-08-01 17:22:19 CEST
OK: univention-upgrade # amd64
OK: # dpkg-query -W mysql\*
mysql-client-5.5        5.5.57-0.33.201707311954
mysql-common    5.5.57-0.33.201707311954
mysql-server    5.5.57-0.33.201707311954
mysql-server-5.5        5.5.57-0.33.201707311954
mysql-server-core-5.5   5.5.57-0.33.201707311954

OK: vimdiff /usr/share/doc/mysql-common/changelog.Debian{.old,}.gz
OK: mysql -u root -p mysql

OK: errata-announce -V --only --ignore-validate=cve.CVE-2017 mysql-5.5.yaml
OK: mysql-5.5.yaml
  you could given the references from <https://www.debian.org/security/2017/dsa-3922> as the description is currently useless to any reader. Compare yours to 
  <http://errata.software-univention.de/ucs/4.1/54.html>
  <http://errata.software-univention.de/ucs/4.1/284.html>
  <http://errata.software-univention.de/ucs/4.1/328.html>
 (Another) bad one is <http://errata.software-univention.de/ucs/4.1/382.html>
SKIPPED: <http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/>
Comment 3 Arvid Requate univentionstaff 2017-08-02 14:59:17 CEST
<http://errata.software-univention.de/ucs/4.1/445.html>