-
mysql-5.5 (5.5.60-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.60 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781
CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819
* Don't install obsolete manpages.
Do not try to install anymore obsolete manpages for mysql_client_test,
mysql_client_test_embedded and mysqltest_embedded.
-- Salvatore Bonaccorso <email address hidden> Wed, 18 Apr 2018 22:28:36 +0200
-
mysql-5.5 (5.5.58-0+deb8u1) jessie-security; urgency=high
* Imported upstream version 5.5.58 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
(Closes: #878402)
-- Lars Tangvald <email address hidden> Tue, 17 Oct 2017 10:20:55 +0200
-
mysql-5.5 (5.5.55-0+deb8u1) jessie-security; urgency=high
* Imported upstream version 5.5.55 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309
- CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461
- CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
(Closes: #860544, #854713)
* d/patches: refreshed 62_disable_tests.patch
* d/patches: dropped fix_test_events_2.patch. Issue fixed upstream
-- Lars Tangvald <email address hidden> Tue, 18 Apr 2017 09:24:12 +0200
-
mysql-5.5 (5.5.53-0+deb8u1) jessie-security; urgency=high
* Imported upstream version 5.5.53 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- CVE-2016-7440 CVE-2016-5584
(Closes: #841050)
* Packaging will now create /var/lib/mysql-files, as server will now by
default restrict all import/export operations to this directory. This
can be changed using the secure-file-priv config option.
-- Lars Tangvald <email address hidden> Mon, 17 Oct 2016 10:49:23 +0200
-
mysql-5.5 (5.5.50-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.50 to fix security issues:
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440
-- Salvatore Bonaccorso <email address hidden> Thu, 21 Jul 2016 07:03:59 +0200
-
mysql-5.5 (5.5.49-0+deb8u1) jessie-security; urgency=high
* Imported Upstream version 5.5.49 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
- CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644
CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650
CVE-2016-0666 CVE-2016-2047
(Closes: #821100)
-- Lars Tangvald <email address hidden> Mon, 18 Apr 2016 07:53:29 +0200
-
mysql-5.5 (5.5.47-0+deb8u1) jessie-security; urgency=high
* Imported Upstream version 5.5.47 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- CVE-2016-0546 CVE-2016-0505 CVE-2016-0596 CVE-2016-0597 CVE-2016-0616
CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609
(Closes: #811428)
* fix-test-suite-failure-caused-by-arbitrary-date-in-the-future-patch is no
longer needed, as bug is fixed in new Upstream version
-- Lars Tangvald <email address hidden> Wed, 13 Jan 2016 12:53:26 +0100
-
mysql-5.5 (5.5.46-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.46 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819
CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
(Closes: #802564)
* Add fix-test-suite-failure-caused-by-arbitrary-date-in-the-future.patch.
Fix test suite failure caused by arbitrary date in the future.
Thanks to Marc Deslauriers <email address hidden>
-- Salvatore Bonaccorso <email address hidden> Fri, 23 Oct 2015 13:35:23 +0200
-
mysql-5.5 (5.5.44-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.44 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620
CVE-2015-2582
(Closes: #792445)
-- Salvatore Bonaccorso <email address hidden> Wed, 15 Jul 2015 17:00:27 +0200
-
mysql-5.5 (5.5.43-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.43 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2571
(Closes: #782645)
* Update copyright years for upstream files
-- Salvatore Bonaccorso <email address hidden> Sat, 18 Apr 2015 06:07:42 +0200
-
mysql-5.5 (5.5.42-1) unstable; urgency=medium
[ James Page ]
* SECURITY UPDATE: Update to 5.5.41 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0432,
CVE-2014-6568, CVE-2015-0374
(Closes: #775881).
* d/p/fix-func_math-test-failure.patch: Dropped, included upstream.
[ Akhil Mohan ]
* New upstream version, resolving date driven test failures in certs.
* Example option in log_slow_queries d/additions/my.cnf is deprecated
and replaced with options slow_query_log_file and slow_query_log.
(Closes: #677222)
-- James Page <email address hidden> Mon, 09 Feb 2015 14:12:44 +0000
-
mysql-5.5 (5.5.40-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.40 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463,
CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484,
CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496,
CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,
CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
(Closes: #765663, #769337)
* d/p/fix-mysqlhotcopy-test-failure.patch: Add return code 255 to the list
of allowable return codes for mysqlhotcopy tests.
* d/rules: Enable parallel builds.
-- James Page <email address hidden> Mon, 24 Nov 2014 16:31:57 +0000
-
mysql-5.5 (5.5.39-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.38 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- CVE-2014-2494
- CVE-2014-4207
- CVE-2014-4258
- CVE-2014-4260
* New upstream release.
* d/p/fix-func_math-test-failure.patch: Fix for failing func_math test
(Closes: #753196, #746883).
-- James Page <email address hidden> Mon, 01 Sep 2014 13:20:20 +0100
-
mysql-5.5 (5.5.37-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.37 to fix security issues (Closes: #744910)
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- CVE-2014-0001 (Closes: #737596).
- CVE-2014-0384
- CVE-2014-2419
- CVE-2014-2430
- CVE-2014-2431
- CVE-2014-2432
- CVE-2014-2436
- CVE-2014-2438
- CVE-2014-2440
* d/mysql-server-5.5.mysql.init: Fixup indentation on previous change
(Closes: #739846).
* d/rules: Always install apparmor profile, not just on Ubuntu
(Closes: #736087).
* d/control: Update for use of virtual-* packages for switching to/from
MySQL alternatives.
* d/watch,repack.*: Drop repackaging as upstream tarball is now DFSG
compliant.
-- James Page <email address hidden> Thu, 24 Apr 2014 18:03:59 +0100
-
mysql-5.5 (5.5.35+dfsg-2) unstable; urgency=low
[ Clint Byrum ]
* d/mysql-server-5.5.mysql.init: Increase timeout to 30s (Closes: #736452).
* d/mysql-server-5.5.postinst: Run mysql_install_db as mysql so tables are
not created as root (Closes: #737224).
[ Robie Basak ]
* Re-sync relevant Ubuntu changes:
- d/control: Make innotop usable without installing Suggests.
- d/rules: Build with debug symbols.
- d/{additions/my.cnf,mysql-server-5.5.mysql-server.logrotate}:
Write an error log and logrotate it.
- d/control,rules,apparmor-profile,mysql-server-5.5.files:
Add AppArmor profile (Closes: #736087).
- d/control: Move mailx from Recommends to Suggests.
- d/control,d/tests/*: Add DEP-8 tests.
- d/control: Re-add mysql-testsuite metapackage.
[ James Page ]
* d/control: Drop Nicholas from Uploaders, MIA (Closes: #739361).
-- James Page <email address hidden> Wed, 19 Feb 2014 12:37:01 +0000
-
mysql-5.5 (5.5.35+dfsg-1) unstable; urgency=low
[ Clint Byrum ]
* Drop creation of insecure database permissions (Closes: #732306):
- d/p/33_scripts__mysql_create_system_tables__no_test.patch,
d/p/41_scripts__mysql_install_db.sh__no_test.patch,
d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
package, inadvertently dropped in 5.5 transition. This
removes the global anonymous access to the database which
is a security concern.
[ James Page ]
* New upstream release:
- d/p/fix-racey-rpltests.patch: Dropped - no longer required.
- d/p/50_mysql-test__db_test.patch: Add extra permissions to
mysql-run-tests.pl for test_% accounts, fixing failing tests.
- d/p/*: Refreshed patches.
- SECURITY UPDATE:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- CVE-2013-5891
- CVE-2013-5908
- CVE-2014-0386
- CVE-2014-0393
- CVE-2014-0401
- CVE-2014-0402
- CVE-2014-0412
- CVE-2014-0420
- CVE-2014-0437
* Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
- d/NEWS: Add NEWS file to document changes needed to existing databases
to drop insecure database permissions.
- SECURITY UPDATE: Insecure creation of the credential file debian.cnf.
- d/mysql-server-5.5.postinst: Set umask to 066 before creating
debian.cnf file (Closes: #711600).
- CVE-2013-2162
- d/copyright: Update copyright years for upstream files.
* d/control: Update VCS field for new git location.
* d/control: Add myself to Uploaders.
* d/*: Wrap and sort.
* d/control: Bumped Standards-Version, no changes.
-- James Page <email address hidden> Sat, 18 Jan 2014 21:38:18 +0000
-
mysql-5.5 (5.5.33+dfsg-1) unstable; urgency=low
* d/rules, d/control: Remove gcc-4.4 dependency and disable X86
assembly in taocrypt. (Closes: #707280) (Closes: #678252)
* d/patches/fix-mips64el-ftbfs.patch: Fix FTBFS on mips64el.
(Closes: #719196) Thanks YunQuiang Su.
* New upstream release.
SECURITY UPDATE: CVE-2013-1861 CVE-2013-3783 CVE-2013-3793
CVE-2013-3804 CVE-2013-3802 CVE-2013-3809 CVE-2013-3812
(Closes: #706715) (Closes: #712730)
* d/patches/work_around_failing_rpl_deadlock.patch: Test suite
changes upstream have left some connections active. This
patch fixes that. Thanks Kristian Nielsen!
* d/patches/fix-racey-rpltests.patch: Fix from Oracle for failing
tests.
-- Clint Byrum <email address hidden> Thu, 26 Sep 2013 09:14:47 -0700
-
mysql-5.5 (5.5.31+dfsg-1) unstable; urgency=high
* New upstream release.
SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544 CVE-2013-1532
CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511
CVE-2013-2391 CVE-2013-1502
- Patches refreshed.
- d/p/yassl.patch - dropped, applied upstream
- d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
-- Clint Byrum <email address hidden> Mon, 06 May 2013 12:22:55 -0700
-
mysql-5.5 (5.5.30+dfsg-1.1) unstable; urgency=low
* Non-maintainer upload.
* d/p/yassl.patch - patch for CVE-2013-0169 (Closes: #699886)
-- Michael Stapelberg <email address hidden> Sun, 14 Apr 2013 12:45:53 +0200