MySQL security update tracking bug

Bug #937869 reported by Marc Deslauriers
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.1 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Fix Released
Undecided
Marc Deslauriers
Natty
Fix Released
Undecided
Marc Deslauriers
Oneiric
Fix Released
Undecided
Marc Deslauriers
mysql-dfsg-5.0 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Marc Deslauriers
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned
mysql-dfsg-5.1 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Lucid
Fix Released
Undecided
Marc Deslauriers
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned

Bug Description

This is the tracking bug for the mysql security update to 5.1.61 and 5.0.95.

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0087
    - CVE-2012-0101
    - CVE-2012-0102
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496

visibility: private → public
Changed in mysql-5.1 (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu):
status: New → In Progress
Changed in mysql-5.1 (Ubuntu Maverick):
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Natty):
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Oneiric):
status: New → Confirmed
Changed in mysql-dfsg-5.1 (Ubuntu):
status: New → In Progress
Changed in mysql-dfsg-5.1 (Ubuntu Maverick):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-5.1 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
summary: - 5.1.x security update tracking bug
+ MySQL security update tracking bug
Changed in mysql-dfsg-5.0 (Ubuntu):
status: New → In Progress
Changed in mysql-5.1 (Ubuntu Hardy):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
Changed in mysql-dfsg-5.0 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Maverick):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Hardy):
status: New → Invalid
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.95-0ubuntu1

---------------
mysql-dfsg-5.0 (5.0.95-0ubuntu1) hardy-security; urgency=low

  * SECURITY UPDATE: Update to 5.0.95 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2012-0075
    - CVE-2012-0087
    - CVE-2012-0101
    - CVE-2012-0102
    - CVE-2012-0114
    - CVE-2012-0484
    - CVE-2012-0490
  * Dropped patches unnecessary with 5.0.95:
    - debian/patches/91_SECURITY_CVE-2007-5925.dpatch
    - debian/patches/95_SECURITY_CVE-2008-3963.dpatch
    - debian/patches/96_SECURITY_CVE-2008-4098.dpatch
    - debian/patches/97_CVE-2008-4456.dpatch
    - debian/patches/97_CVE-2009-2446.dpatch
    - debian/patches/97_CVE-2009-4019.dpatch
    - debian/patches/97_CVE-2009-4030.dpatch
    - debian/patches/98_CVE-2009-4484.dpatch
    - debian/patches/99_ssl_test_certs.dpatch
    - debian/patches/100_CVE-2010-1850.dpatch
    - debian/patches/101_CVE-2010-1849.dpatch
    - debian/patches/102_CVE-2010-1848.dpatch
    - debian/patches/103_CVE-2010-1626.dpatch
    - debian/patches/98_CVE-2010-3677.dpatch
    - debian/patches/98_CVE-2010-3680.dpatch
    - debian/patches/98_CVE-2010-3681.dpatch
    - debian/patches/98_CVE-2010-3682.dpatch
    - debian/patches/98_CVE-2010-3833.dpatch
    - debian/patches/98_CVE-2010-3834.dpatch
    - debian/patches/98_CVE-2010-3835.dpatch
    - debian/patches/98_CVE-2010-3836.dpatch
    - debian/patches/98_CVE-2010-3837.dpatch
    - debian/patches/98_CVE-2010-3838.dpatch
    - debian/patches/98_CVE-2010-3840.dpatch
    - debian/patches/45_warn-CLI-passwords.dpatch
    - debian/patches/50_fix_mysqldump.dpatch
    - debian/patches/51_incorrect-order.dpatch
    - debian/patches/52_ndb-gcc-4.2.dpatch
    - debian/patches/53_integer-gcc-4.2.dpatch
    - debian/patches/54_ssl-client-support.dpatch
    - debian/patches/55_testsuite-2008.dpatch
    - debian/patches/58-disable-ndb-backup-print.dpatch
    - debian/patches/59-fix-mysql-replication-logs.dpatch
    - debian/patches/86_PATH_MAX.dpatch
    - debian/patches/90_upstreamdebiandir.dpatch
    - debian/patches/92_fix_order_by32202.dpatch
    - debian/patches/93_fix_user_setup_on_localhost.dpatch
    - debian/patches/94_fix_mysqldump_with_old_versions.dpatch
    - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch
    - debian/patches/57-fix-mysqlslowdump-config.dpatch
  * debian/mysql-client-5.0.docs, debian/mysql-server-5.0.docs: removed
    EXCEPTIONS-CLIENT file
  * debian/libmysqlclient15-dev.docs, debian/libmysqlclient15off.docs:
    removed, no longer necessary.
  * debian/patches/25_mysys__default.c.dpatch: updated for 5.0.95.
  * debian/mysql-server-5.0.files: change ndb_mgmd and ndbd manpage
    locations. Removed mysqlmanagerc.1 and mysqlmanager-pwgen.1
 -- Marc Deslauriers <email address hidden> Thu, 23 Feb 2012 11:21:11 -0500

Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.1 - 5.1.61-0ubuntu0.10.04.1

---------------
mysql-dfsg-5.1 (5.1.61-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
  * Dropped patches unnecessary with 5.1.61:
    - debian/patches/90_mysql_safer_strmov.dpatch
    - debian/patches/51_ssl_test_certs.dpatch
    - debian/patches/52_CVE-2009-4030.dpatch
    - debian/patches/53_CVE-2009-4484.dpatch
    - debian/patches/54_CVE-2008-7247.dpatch
    - debian/patches/55_CVE-2010-1621.dpatch
    - debian/patches/56_CVE-2010-1850.dpatch
    - debian/patches/57_CVE-2010-1849.dpatch
    - debian/patches/58_CVE-2010-1848.dpatch
    - debian/patches/59_CVE-2010-1626.dpatch
    - debian/patches/60_CVE-2010-2008.dpatch
    - debian/patches/60_CVE-2010-3677.dpatch
    - debian/patches/60_CVE-2010-3678.dpatch
    - debian/patches/60_CVE-2010-3679.dpatch
    - debian/patches/60_CVE-2010-3680.dpatch
    - debian/patches/60_CVE-2010-3681.dpatch
    - debian/patches/60_CVE-2010-3682.dpatch
    - debian/patches/60_CVE-2010-3683.dpatch
    - debian/patches/60_CVE-2010-3833.dpatch
    - debian/patches/60_CVE-2010-3834.dpatch
    - debian/patches/60_CVE-2010-3835.dpatch
    - debian/patches/60_CVE-2010-3836.dpatch
    - debian/patches/60_CVE-2010-3837.dpatch
    - debian/patches/60_CVE-2010-3838.dpatch
    - debian/patches/60_CVE-2010-3839.dpatch
    - debian/patches/60_CVE-2010-3840.dpatch
    - debian/patches/61_disable_longfilename_test.dpatch
    - debian/patches/62_alter_table_fix.dpatch
    - debian/patches/63_cherrypick-upstream-49479.dpatch
    - debian/patches/10_readline_build_fix.dpatch
  * debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
  * debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
    debian/libmysqlclient-dev.docs: removed, no longer necessary.
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 22:33:55 -0500

Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.10.10.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
  * Dropped patches unnecessary with 5.1.61:
    - debian/patches/61_CVE-2010-3833.dpatch
    - debian/patches/61_CVE-2010-3834.dpatch
    - debian/patches/61_CVE-2010-3835.dpatch
    - debian/patches/61_CVE-2010-3836.dpatch
    - debian/patches/61_CVE-2010-3837.dpatch
    - debian/patches/61_CVE-2010-3838.dpatch
    - debian/patches/61_CVE-2010-3839.dpatch
    - debian/patches/61_CVE-2010-3840.dpatch
    - debian/patches/60_abi-check-include.dpatch
    - debian/patches/62_disable_longfilename_test.dpatch
    - debian/patches/90_fix_testsuite_for_installed_env.dpatch
  * debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
  * debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
    debian/libmysqlclient-dev.docs: removed, no longer necessary.
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 14:16:05 -0500

Changed in mysql-5.1 (Ubuntu Maverick):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.11.04.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 08:30:45 -0500

Changed in mysql-5.1 (Ubuntu Natty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.11.10.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 08:26:10 -0500

Changed in mysql-5.1 (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in mysql-dfsg-5.1 (Ubuntu):
status: In Progress → Fix Released
Changed in mysql-dfsg-5.0 (Ubuntu):
status: In Progress → Fix Released
Changed in mysql-5.1 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.