Comment 6 for bug 1475294

mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] :

"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""

[0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615