USN-2953-1: MySQL vulnerabilities partially applies to MariaDB too

Bug #1573761 reported by Otto Kekäläinen on 2016-04-22
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-5.5 (Ubuntu)
Medium
Unassigned
Trusty
Medium
Unassigned

Bug Description

The mentioned security notice also affect MariaDB and the latest release 5.5.49 includes fixes.

I will prepare a security release for Trusty now.

Otto Kekäläinen (otto) wrote :

Packaging update done at https://github.com/ottok/mariadb-5.5/commits/ubuntu-14.04

Attached file created with command: git diff ubuntu/5.5.47-1ubuntu0.14.04.1...HEAD debian/ > 5.5.47-1ubuntu0.14.04.1...HEAD.debdiff

Test builds running at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb/+builds?build_text=&build_state=all

Please get the upstream sources with e.g. uscan and use the debian/* contents from the current Trusty package, which upon you apply the attached documentation-only patch.

Otto Kekäläinen (otto) wrote :

All tests passed, any sponsor is free to upload.

Alternatively to the debdiff, you can also build the whole package directly with git-buildpackage from http://anonscm.debian.org/cgit/pkg-mysql/mariadb-5.5.git/log/?h=ubuntu-14.04 (or the mirror at https://github.com/ottok/mariadb-5.5/tree/ubuntu-14.04)

information type: Private Security → Public Security
tags: added: trusty
Changed in mariadb-5.5 (Ubuntu):
importance: Undecided → Medium
Changed in mariadb-5.5 (Ubuntu Trusty):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-5.5 - 5.5.49-1ubuntu0.14.04.1

---------------
mariadb-5.5 (5.5.49-1ubuntu0.14.04.1) trusty-security; urgency=low

  * SECURITY UPDATE: New upstream release 5.5.49 (LP: #1573761)
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0666
    - CVE-2016-0643
  * After the release of 5.5.49 it was announced that 5.5.48 included fixes for
    the following security vulnerabilities:
    - CVE-2016-0640
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0641
  * Updated previous changelog entries to contain new CVE identifiers.

 -- Otto Kekäläinen <email address hidden> Fri, 22 Apr 2016 22:13:38 +0300

Changed in mariadb-5.5 (Ubuntu Trusty):
status: New → Fix Released
Tyler Hicks (tyhicks) on 2016-05-04
Changed in mariadb-5.5 (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers