Univention Bugzilla – Bug 48130
mysql-5.5: Multiple issues (4.2)
Last modified: 2018-11-14 14:58:59 CET
New Debian mysql-5.5 5.5.62-0+deb8u1A~4.2.5.201811120817 fixes: This update addresses the following issues: * use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) * MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058) * Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063) * Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066) * Client mysqldump unspecified vulnerability (CPU Jul 2018) (CVE-2018-3070) * Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081) * Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133) * Client programs unspecified vulnerability (CPU Oct 2018) (CVE-2018-3174) * Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/mysql-5.5_5.5.60-0+deb8u1A~4.2.3.201804221415.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/mysql-5.5_5.5.62-0+deb8u1A~4.2.5.201811120817.dsc @@ -1,4 +1,4 @@ -5.5.60-0+deb8u1A~4.2.3.201804221415 [Sun, 22 Apr 2018 14:15:22 +0200] Univention builddaemon <buildd@univention.de>: +5.5.62-0+deb8u1A~4.2.5.201811120817 [Mon, 12 Nov 2018 08:17:47 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 00_remove_debian_news @@ -6,6 +6,17 @@ 11_fix_parallel_ftbfs 30_root_password 50_ucr_autostart + +5.5.62-0+deb8u1 [Thu, 01 Nov 2018 00:13:20 -0400] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * Imported Upstream version 5.5.61 to fix security issues: + - https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html + - CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 + - CVE-2018-3081 + * Imported Upstream version 5.5.62 to fix security issues: + - https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + - CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 5.5.60-0+deb8u1 [Wed, 18 Apr 2018 22:28:36 +0200] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.2-5/#1269226354761355653>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 3b6d45f994 Bug #48130: mysql-5.5 5.5.62-0+deb8u1A~4.2.5.201811120817 doc/errata/staging/mysql-5.5.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+)
<http://errata.software-univention.de/ucs/4.2/546.html>