-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 18 Jan 2014 21:38:18 +0000 Source: mysql-5.5 Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5 Architecture: source all amd64 Version: 5.5.35+dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org> Changed-By: James Page <jamespage@debian.org> Description: libmysqlclient-dev - MySQL database development files libmysqlclient18 - MySQL database client library libmysqld-dev - MySQL embedded database development files libmysqld-pic - PIC version of MySQL embedded server development files mysql-client - MySQL database client (metapackage depending on the latest versio mysql-client-5.5 - MySQL database client binaries mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf mysql-server - MySQL database server (metapackage depending on the latest versio mysql-server-5.5 - MySQL database server binaries and system database setup mysql-server-core-5.5 - MySQL database server binaries mysql-source-5.5 - MySQL source mysql-testsuite-5.5 - MySQL testsuite Closes: 711600 732306 Changes: mysql-5.5 (5.5.35+dfsg-1) unstable; urgency=low . [ Clint Byrum ] * Drop creation of insecure database permissions (Closes: #732306): - d/p/33_scripts__mysql_create_system_tables__no_test.patch, d/p/41_scripts__mysql_install_db.sh__no_test.patch, d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1 package, inadvertently dropped in 5.5 transition. This removes the global anonymous access to the database which is a security concern. . [ James Page ] * New upstream release: - d/p/fix-racey-rpltests.patch: Dropped - no longer required. - d/p/50_mysql-test__db_test.patch: Add extra permissions to mysql-run-tests.pl for test_% accounts, fixing failing tests. - d/p/*: Refreshed patches. - SECURITY UPDATE: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - CVE-2013-5891 - CVE-2013-5908 - CVE-2014-0386 - CVE-2014-0393 - CVE-2014-0401 - CVE-2014-0402 - CVE-2014-0412 - CVE-2014-0420 - CVE-2014-0437 * Sync changes from NMU 5.5.33+dfsg-0+wheezy1: - d/NEWS: Add NEWS file to document changes needed to existing databases to drop insecure database permissions. - SECURITY UPDATE: Insecure creation of the credential file debian.cnf. - d/mysql-server-5.5.postinst: Set umask to 066 before creating debian.cnf file (Closes: #711600). - CVE-2013-2162 - d/copyright: Update copyright years for upstream files. * d/control: Update VCS field for new git location. * d/control: Add myself to Uploaders. * d/*: Wrap and sort. * d/control: Bumped Standards-Version, no changes. Checksums-Sha1: a88795a262a449b6aa60dad2a09a256df756bf18 2954 mysql-5.5_5.5.35+dfsg-1.dsc ede7015b698bef5ede4c59a7a9d428b2a679ac77 21707804 mysql-5.5_5.5.35+dfsg.orig.tar.gz 4465d07fe84783f5d3ffde67f8575bc151f3d0bc 230288 mysql-5.5_5.5.35+dfsg-1.debian.tar.xz af34ac61271d377e7d53abf7b528eb6930be384c 84470 mysql-common_5.5.35+dfsg-1_all.deb f3d02067bd71cf26e9756f8ab53b105fb58dfc5e 82720 mysql-server_5.5.35+dfsg-1_all.deb cd38aff42365c60139b34d7c379c520e3c2099a2 82596 mysql-client_5.5.35+dfsg-1_all.deb 5d8398958dd1624be5736c04912e3120b65b5ba2 679070 libmysqlclient18_5.5.35+dfsg-1_amd64.deb a62972bc7defb8491c0a1b2d82788fa746c32422 3168336 libmysqld-pic_5.5.35+dfsg-1_amd64.deb 5156f5a82edeeed26433d0776f4a1b3bc713c55b 3168400 libmysqld-dev_5.5.35+dfsg-1_amd64.deb c8ac5fe33f91928a14a6c2ff8a57aff38e5fde37 949164 libmysqlclient-dev_5.5.35+dfsg-1_amd64.deb e7cb1c6914aac77f65b39e651eac4a2955f85c3c 1843556 mysql-client-5.5_5.5.35+dfsg-1_amd64.deb 6ab771bcd0ab4db209fd557e844a0007fd592edc 3784472 mysql-server-core-5.5_5.5.35+dfsg-1_amd64.deb 1c83b933b2a2b9227a8ecbf62a5cb770173c38bc 2031168 mysql-server-5.5_5.5.35+dfsg-1_amd64.deb c82ab5ed2f7bf34322dd7cef7518828213f7eb02 4343536 mysql-testsuite-5.5_5.5.35+dfsg-1_amd64.deb 3286f2e933418bebb4f21e1d5a319b649475d645 22830820 mysql-source-5.5_5.5.35+dfsg-1_amd64.deb Checksums-Sha256: 613c90c08ee106f883f50e7b36fe7c19f0661c39d8ee9568db9eb11788af050d 2954 mysql-5.5_5.5.35+dfsg-1.dsc 46f28f6907438f2abf97dfbf1124f1c0568d4c60fc370664755cf51c5dae664a 21707804 mysql-5.5_5.5.35+dfsg.orig.tar.gz 9c3da35cce0d3cc68af6552a20d381b571db05b29a53463986b2bb89e4fc560c 230288 mysql-5.5_5.5.35+dfsg-1.debian.tar.xz 36af86baac51e9d55997dfa03982d66858c4481e7a790ce9a12ce6df2f4fc790 84470 mysql-common_5.5.35+dfsg-1_all.deb b88528aaf1cb14765f311e40160f27a57acd95f7436d3d50b1aef382c97c2ad0 82720 mysql-server_5.5.35+dfsg-1_all.deb 5909264f4315695e34610ff54c02258ca02e3e5876bfe4d4004906e30db4fb22 82596 mysql-client_5.5.35+dfsg-1_all.deb caae3218d8be3efa92ce520a92a7b2ec85b6184e16f45162e72023c0646c6f28 679070 libmysqlclient18_5.5.35+dfsg-1_amd64.deb 68b9e4ac56ec5b2548e16f2dd6fbabf18d0cf9a128cbe7ad11797a31f6ce1cb3 3168336 libmysqld-pic_5.5.35+dfsg-1_amd64.deb cee07ea9fea27692bda9dd86ab9b456d4f36303e79ab2e6ac48bda01b696d2c2 3168400 libmysqld-dev_5.5.35+dfsg-1_amd64.deb 4b6aa4dba8d12fde4979dee122833d1c360f3b7406683837977dfaa4eb44333e 949164 libmysqlclient-dev_5.5.35+dfsg-1_amd64.deb 6fd7f374ab755a9456cc58a14f2f0a229a12ef1818e0cd22d425d2bd3ce9b291 1843556 mysql-client-5.5_5.5.35+dfsg-1_amd64.deb 18edcd67733279928491fb0e69be52cc7bcf73a89d28c04046f855786ca24312 3784472 mysql-server-core-5.5_5.5.35+dfsg-1_amd64.deb 182464883dcfc4ffff3266e21f348401ca7c41a436914ca22b83459d45f280a4 2031168 mysql-server-5.5_5.5.35+dfsg-1_amd64.deb 6573c412542f9ee96a6a0cc566523f395a2aeda0f7dd0cfb8d020497dd3e287e 4343536 mysql-testsuite-5.5_5.5.35+dfsg-1_amd64.deb bbd337244f0a55d1707654357acbcbdbf29ada03211e8737df7c0b45025d9da7 22830820 mysql-source-5.5_5.5.35+dfsg-1_amd64.deb Files: 1b001d677be74465db2be9fb1b3fc533 2954 database optional mysql-5.5_5.5.35+dfsg-1.dsc 56f833052b579b7d4a2b16326cda6990 21707804 database optional mysql-5.5_5.5.35+dfsg.orig.tar.gz 684ab6c22754f363c5915d26777d5376 230288 database optional mysql-5.5_5.5.35+dfsg-1.debian.tar.xz fa2e7c65f352c198ac53f059a49f2fc1 84470 database optional mysql-common_5.5.35+dfsg-1_all.deb 5afdcbb3181c2d5d27333b19ed65f705 82720 database optional mysql-server_5.5.35+dfsg-1_all.deb 0f6cadb759d6b60fe2fe06148275cc36 82596 database optional mysql-client_5.5.35+dfsg-1_all.deb 56511175968616f253db6fda495fc6f1 679070 libs optional libmysqlclient18_5.5.35+dfsg-1_amd64.deb 0cfd6ccac4cb1de752e43464ddec525f 3168336 libdevel optional libmysqld-pic_5.5.35+dfsg-1_amd64.deb 348c7caa679c7a2ae40268057ba80d25 3168400 libdevel optional libmysqld-dev_5.5.35+dfsg-1_amd64.deb 2d977839265fbce12634c9e3a5d4341a 949164 libdevel optional libmysqlclient-dev_5.5.35+dfsg-1_amd64.deb 459879450295a67353072914264fd430 1843556 database optional mysql-client-5.5_5.5.35+dfsg-1_amd64.deb 8d0494c03876fffe631937b7787cc597 3784472 database optional mysql-server-core-5.5_5.5.35+dfsg-1_amd64.deb 17bddb8053fb75cbcee90e1962bdd2a8 2031168 database optional mysql-server-5.5_5.5.35+dfsg-1_amd64.deb 45787d76cbc0be19b4cbbc7ecd50c623 4343536 database optional mysql-testsuite-5.5_5.5.35+dfsg-1_amd64.deb c49924146473bfee13f25d1ee577b0c2 22830820 database optional mysql-source-5.5_5.5.35+dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCAAGBQJS2vyWAAoJEL/srsug59jD/k4P/0MGyjheKz/h9OURmWgAe3Ow +Z3Fi4iAjm6JwXfUo2vvdd3A/yx4J1nZl+skjwaEBLzqgteNHF7uCPRyLB+gUorg oVJ/IxpGr2onEgH9B6cfhjfl3uKrAZlULgkOVPbHLfEQ8ZzQp5lrjJ/hAbDK6Scf Rm6mLEhbpl1VVHH45T792l/oo/X9YOinTdRrPPWFzfsjMEB+fskTcpNFMiSl6VjB BUXZa2gZq9aUWDJiPuiaVXnsFDX0Ow9rJrXHe5epPZPzC9HXFqnvf1y/ZQMwiWcs MADnyULDFb6Uyj+iDTnkA3xoeRTYfMm6Je8m66Kc5kjtqXbJ76rASY7yRCDQJBL/ UbRFdUzzCfuO37Qqts7CcPgiCgC3baH1z0fPf2Otukq15Z5sQNayB3/5hK3iPUeR Ba0hE6HE2uv1NLK/9F9p/8345a8M8sXMi31Ikq7cooNXJK7vfR5E+D+2lRkv8jVl FjbWJoRJbzy4aylkTE7ODOLr0ucqi8+HR5RQoZwfho84gNK8uF7XiE2599g3L1iS 1jrvzXMXtx/qMp9AXMDJ1MyXFsB76PdxS19ERnsdiBYDoUtEI5NMsd0TxrXAAmLN Q6VlgooHXzi5pJATim9xwRVL7RxgKGJFAAReQVUsMVhlVi8F6q+5oLBug09FHR8b cx/TXRz1e7SOTR9/E4L2 =ldt+ -----END PGP SIGNATURE-----