Ubuntu

MySQL security update tracking bug

Reported by Marc Deslauriers on 2012-02-21
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.1 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Marc Deslauriers
Natty
Undecided
Marc Deslauriers
Oneiric
Undecided
Marc Deslauriers
mysql-dfsg-5.0 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Marc Deslauriers
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
mysql-dfsg-5.1 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Marc Deslauriers
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned

Bug Description

This is the tracking bug for the mysql security update to 5.1.61 and 5.0.95.

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0087
    - CVE-2012-0101
    - CVE-2012-0102
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496

visibility: private → public
Changed in mysql-5.1 (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.1 (Ubuntu):
status: New → In Progress
Changed in mysql-5.1 (Ubuntu Maverick):
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Natty):
status: New → Confirmed
Changed in mysql-5.1 (Ubuntu Oneiric):
status: New → Confirmed
Changed in mysql-dfsg-5.1 (Ubuntu):
status: New → In Progress
Changed in mysql-dfsg-5.1 (Ubuntu Maverick):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-5.1 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
summary: - 5.1.x security update tracking bug
+ MySQL security update tracking bug
Changed in mysql-dfsg-5.0 (Ubuntu):
status: New → In Progress
Changed in mysql-5.1 (Ubuntu Hardy):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → Confirmed
Changed in mysql-dfsg-5.0 (Ubuntu Lucid):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Maverick):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Natty):
status: New → Invalid
Changed in mysql-dfsg-5.0 (Ubuntu Oneiric):
status: New → Invalid
Changed in mysql-dfsg-5.1 (Ubuntu Hardy):
status: New → Invalid
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.95-0ubuntu1

---------------
mysql-dfsg-5.0 (5.0.95-0ubuntu1) hardy-security; urgency=low

  * SECURITY UPDATE: Update to 5.0.95 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2012-0075
    - CVE-2012-0087
    - CVE-2012-0101
    - CVE-2012-0102
    - CVE-2012-0114
    - CVE-2012-0484
    - CVE-2012-0490
  * Dropped patches unnecessary with 5.0.95:
    - debian/patches/91_SECURITY_CVE-2007-5925.dpatch
    - debian/patches/95_SECURITY_CVE-2008-3963.dpatch
    - debian/patches/96_SECURITY_CVE-2008-4098.dpatch
    - debian/patches/97_CVE-2008-4456.dpatch
    - debian/patches/97_CVE-2009-2446.dpatch
    - debian/patches/97_CVE-2009-4019.dpatch
    - debian/patches/97_CVE-2009-4030.dpatch
    - debian/patches/98_CVE-2009-4484.dpatch
    - debian/patches/99_ssl_test_certs.dpatch
    - debian/patches/100_CVE-2010-1850.dpatch
    - debian/patches/101_CVE-2010-1849.dpatch
    - debian/patches/102_CVE-2010-1848.dpatch
    - debian/patches/103_CVE-2010-1626.dpatch
    - debian/patches/98_CVE-2010-3677.dpatch
    - debian/patches/98_CVE-2010-3680.dpatch
    - debian/patches/98_CVE-2010-3681.dpatch
    - debian/patches/98_CVE-2010-3682.dpatch
    - debian/patches/98_CVE-2010-3833.dpatch
    - debian/patches/98_CVE-2010-3834.dpatch
    - debian/patches/98_CVE-2010-3835.dpatch
    - debian/patches/98_CVE-2010-3836.dpatch
    - debian/patches/98_CVE-2010-3837.dpatch
    - debian/patches/98_CVE-2010-3838.dpatch
    - debian/patches/98_CVE-2010-3840.dpatch
    - debian/patches/45_warn-CLI-passwords.dpatch
    - debian/patches/50_fix_mysqldump.dpatch
    - debian/patches/51_incorrect-order.dpatch
    - debian/patches/52_ndb-gcc-4.2.dpatch
    - debian/patches/53_integer-gcc-4.2.dpatch
    - debian/patches/54_ssl-client-support.dpatch
    - debian/patches/55_testsuite-2008.dpatch
    - debian/patches/58-disable-ndb-backup-print.dpatch
    - debian/patches/59-fix-mysql-replication-logs.dpatch
    - debian/patches/86_PATH_MAX.dpatch
    - debian/patches/90_upstreamdebiandir.dpatch
    - debian/patches/92_fix_order_by32202.dpatch
    - debian/patches/93_fix_user_setup_on_localhost.dpatch
    - debian/patches/94_fix_mysqldump_with_old_versions.dpatch
    - debian/patches/56-mysqlhotcopy-invalid-dbtable.dpatch
    - debian/patches/57-fix-mysqlslowdump-config.dpatch
  * debian/mysql-client-5.0.docs, debian/mysql-server-5.0.docs: removed
    EXCEPTIONS-CLIENT file
  * debian/libmysqlclient15-dev.docs, debian/libmysqlclient15off.docs:
    removed, no longer necessary.
  * debian/patches/25_mysys__default.c.dpatch: updated for 5.0.95.
  * debian/mysql-server-5.0.files: change ndb_mgmd and ndbd manpage
    locations. Removed mysqlmanagerc.1 and mysqlmanager-pwgen.1
 -- Marc Deslauriers <email address hidden> Thu, 23 Feb 2012 11:21:11 -0500

Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.1 - 5.1.61-0ubuntu0.10.04.1

---------------
mysql-dfsg-5.1 (5.1.61-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
  * Dropped patches unnecessary with 5.1.61:
    - debian/patches/90_mysql_safer_strmov.dpatch
    - debian/patches/51_ssl_test_certs.dpatch
    - debian/patches/52_CVE-2009-4030.dpatch
    - debian/patches/53_CVE-2009-4484.dpatch
    - debian/patches/54_CVE-2008-7247.dpatch
    - debian/patches/55_CVE-2010-1621.dpatch
    - debian/patches/56_CVE-2010-1850.dpatch
    - debian/patches/57_CVE-2010-1849.dpatch
    - debian/patches/58_CVE-2010-1848.dpatch
    - debian/patches/59_CVE-2010-1626.dpatch
    - debian/patches/60_CVE-2010-2008.dpatch
    - debian/patches/60_CVE-2010-3677.dpatch
    - debian/patches/60_CVE-2010-3678.dpatch
    - debian/patches/60_CVE-2010-3679.dpatch
    - debian/patches/60_CVE-2010-3680.dpatch
    - debian/patches/60_CVE-2010-3681.dpatch
    - debian/patches/60_CVE-2010-3682.dpatch
    - debian/patches/60_CVE-2010-3683.dpatch
    - debian/patches/60_CVE-2010-3833.dpatch
    - debian/patches/60_CVE-2010-3834.dpatch
    - debian/patches/60_CVE-2010-3835.dpatch
    - debian/patches/60_CVE-2010-3836.dpatch
    - debian/patches/60_CVE-2010-3837.dpatch
    - debian/patches/60_CVE-2010-3838.dpatch
    - debian/patches/60_CVE-2010-3839.dpatch
    - debian/patches/60_CVE-2010-3840.dpatch
    - debian/patches/61_disable_longfilename_test.dpatch
    - debian/patches/62_alter_table_fix.dpatch
    - debian/patches/63_cherrypick-upstream-49479.dpatch
    - debian/patches/10_readline_build_fix.dpatch
  * debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
  * debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
    debian/libmysqlclient-dev.docs: removed, no longer necessary.
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 22:33:55 -0500

Changed in mysql-dfsg-5.1 (Ubuntu Lucid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.10.10.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
  * Dropped patches unnecessary with 5.1.61:
    - debian/patches/61_CVE-2010-3833.dpatch
    - debian/patches/61_CVE-2010-3834.dpatch
    - debian/patches/61_CVE-2010-3835.dpatch
    - debian/patches/61_CVE-2010-3836.dpatch
    - debian/patches/61_CVE-2010-3837.dpatch
    - debian/patches/61_CVE-2010-3838.dpatch
    - debian/patches/61_CVE-2010-3839.dpatch
    - debian/patches/61_CVE-2010-3840.dpatch
    - debian/patches/60_abi-check-include.dpatch
    - debian/patches/62_disable_longfilename_test.dpatch
    - debian/patches/90_fix_testsuite_for_installed_env.dpatch
  * debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
  * debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
    debian/libmysqlclient-dev.docs: removed, no longer necessary.
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 14:16:05 -0500

Changed in mysql-5.1 (Ubuntu Maverick):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.11.04.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 08:30:45 -0500

Changed in mysql-5.1 (Ubuntu Natty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.1 - 5.1.61-0ubuntu0.11.10.1

---------------
mysql-5.1 (5.1.61-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
    (LP: #937869)
    - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
    - CVE-2011-2262
    - CVE-2012-0075
    - CVE-2012-0112
    - CVE-2012-0113
    - CVE-2012-0114
    - CVE-2012-0115
    - CVE-2012-0116
    - CVE-2012-0117
    - CVE-2012-0118
    - CVE-2012-0119
    - CVE-2012-0120
    - CVE-2012-0484
    - CVE-2012-0485
    - CVE-2012-0486
    - CVE-2012-0487
    - CVE-2012-0488
    - CVE-2012-0489
    - CVE-2012-0490
    - CVE-2012-0491
    - CVE-2012-0492
    - CVE-2012-0493
    - CVE-2012-0494
    - CVE-2012-0495
    - CVE-2012-0496
 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 08:26:10 -0500

Changed in mysql-5.1 (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in mysql-dfsg-5.1 (Ubuntu):
status: In Progress → Fix Released
Changed in mysql-dfsg-5.0 (Ubuntu):
status: In Progress → Fix Released
Changed in mysql-5.1 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers