Debian Package Tracker

general

source: mysql-5.7 (main)
version: 5.7.26-1
maintainer: Debian MySQL Maintainers (archive) (DMD)
uploaders: Robie Basak [DMD] – Lars Tangvald [DMD] – Clint Byrum [DMD] – Norbert Tretkowski [DMD] – James Page [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 5.7.26-1

versioned links

5.7.26-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmysqlclient-dev (6 bugs: 0, 3, 3, 0)
libmysqlclient20
libmysqld-dev (1 bugs: 0, 0, 1, 0)
mysql-client (7 bugs: 0, 0, 7, 0)
mysql-client-5.7
mysql-client-core-5.7 (4 bugs: 0, 0, 4, 0)
mysql-server (114 bugs: 0, 73, 41, 0)
mysql-server-5.7 (5 bugs: 1, 4, 0, 0)
mysql-server-core-5.7
mysql-source-5.7
mysql-testsuite
mysql-testsuite-5.7

action needed

A new upstream version is available: 5.7.27 high

A new upstream version 5.7.27 is available, you should consider packaging it.

Created: 2019-07-25 Last update: 2019-08-20 12:14

14 security issues in sid high

There are 14 open security issues in sid.

14 important issues:

CVE-2019-2805: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2778: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).
CVE-2019-2739: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2758: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2741: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2738: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2757: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2797: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2737: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-15365: sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2019-2791: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2019-2740: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2774: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Please fix them.

Created: 2017-07-19 Last update: 2019-07-27 04:07

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 3.9.8).

Created: 2017-12-01 Last update: 2019-07-08 20:08

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2019-06-21 Last update: 2019-08-20 18:13

20 bugs tagged patch in the BTS normal

The BTS contains patches fixing 20 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-20 18:04

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libmysqld-dev could be marked Multi-Arch: same

Created: 2019-06-20 Last update: 2019-08-20 16:11

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-15 Last update: 2018-11-15 20:57

testing migrations

excuses:
- 62 days old (2 needed)
- Updating mysql-5.7 introduces new bugs: #853008, #932340
- Piuparts tested OK - https://piuparts.debian.org/sid/source/m/mysql-5.7.html
- Required age reduced by 3 days because of autopkgtest
- Not touching package due to block request by pochu (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-06-19] Accepted mysql-5.7 5.7.26-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2019-01-28] Accepted mysql-5.7 5.7.25-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2019-01-09] Accepted mysql-5.7 5.7.24-3 (source) into unstable (Robie Basak)
[2018-11-15] Accepted mysql-5.7 5.7.24-2 (source) into unstable (Robie Basak)
[2018-10-26] Accepted mysql-5.7 5.7.24-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-09-14] Accepted mysql-5.7 5.7.23-2 (source) into unstable (Robie Basak)
[2018-08-03] Accepted mysql-5.7 5.7.23-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-06-08] Accepted mysql-5.7 5.7.22-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-01-31] Accepted mysql-5.7 5.7.21-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-01-15] Accepted mysql-5.7 5.7.20-2 (source) into unstable (Robie Basak)
[2017-11-30] Accepted mysql-5.7 5.7.20-1 (source) into unstable (Robie Basak)
[2017-04-26] Accepted mysql-5.7 5.7.18-1 (source amd64 all) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2017-02-01] Accepted mysql-5.7 5.7.17-1 (source) into unstable (Lars Tangvald) (signed by: Andreas Beckmann)
[2017-01-03] Accepted mysql-5.7 5.7.16-2 (source) into unstable (Lars Tangvald) (signed by: Dominic Hargreaves)
[2016-11-08] Accepted mysql-5.7 5.7.16-1 (source) into unstable (Lars Tangvald) (signed by: Dominic Hargreaves)
[2016-10-17] Accepted mysql-5.7 5.7.15-1 (source amd64 all) into unstable (Lars Tangvald) (signed by: James Page)
[2016-07-15] Accepted mysql-5.7 5.7.13-1~exp1 (source amd64 all) into experimental, experimental (Robie Basak) (signed by: Andreas Beckmann)

bugs [bug history graph]

all: 132 146
RC: 2
I&N: 77 82
M&W: 51 59
F&P: 2 3
patch: 20

links

homepage
buildd: logs, checks, clang, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.7.27-0ubuntu2
68 bugs (1 patch)
patches for 5.7.27-0ubuntu2