mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] :
"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""
mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] :
"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""
[0] http:// people. canonical. com/~ubuntu- security/ cve/2012/ CVE-2012- 5615.html cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2012- 5615
[1] http://