Changelog
mysql-5.5 (5.5.35+dfsg-1) unstable; urgency=low
[ Clint Byrum ]
* Drop creation of insecure database permissions (Closes: #732306):
- d/p/33_scripts__mysql_create_system_tables__no_test.patch,
d/p/41_scripts__mysql_install_db.sh__no_test.patch,
d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
package, inadvertently dropped in 5.5 transition. This
removes the global anonymous access to the database which
is a security concern.
[ James Page ]
* New upstream release:
- d/p/fix-racey-rpltests.patch: Dropped - no longer required.
- d/p/50_mysql-test__db_test.patch: Add extra permissions to
mysql-run-tests.pl for test_% accounts, fixing failing tests.
- d/p/*: Refreshed patches.
- SECURITY UPDATE:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- CVE-2013-5891
- CVE-2013-5908
- CVE-2014-0386
- CVE-2014-0393
- CVE-2014-0401
- CVE-2014-0402
- CVE-2014-0412
- CVE-2014-0420
- CVE-2014-0437
* Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
- d/NEWS: Add NEWS file to document changes needed to existing databases
to drop insecure database permissions.
- SECURITY UPDATE: Insecure creation of the credential file debian.cnf.
- d/mysql-server-5.5.postinst: Set umask to 066 before creating
debian.cnf file (Closes: #711600).
- CVE-2013-2162
- d/copyright: Update copyright years for upstream files.
* d/control: Update VCS field for new git location.
* d/control: Add myself to Uploaders.
* d/*: Wrap and sort.
* d/control: Bumped Standards-Version, no changes.
-- James Page <email address hidden> Sat, 18 Jan 2014 21:38:18 +0000