Debian Package Tracker

general

source: mysql-5.7 (main)
version: 5.7.25-1
maintainer: Debian MySQL Maintainers (archive) [DMD]
uploaders: Robie Basak [DMD] – Lars Tangvald [DMD] – Clint Byrum [DMD] – Norbert Tretkowski [DMD] – James Page [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 5.7.25-1

versioned links

5.7.25-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmysqlclient-dev
libmysqlclient20
libmysqld-dev
mysql-client
mysql-client-5.7
mysql-client-core-5.7
mysql-server
mysql-server-5.7
mysql-server-core-5.7
mysql-source-5.7
mysql-testsuite
mysql-testsuite-5.7

action needed

A new upstream version is available: 5.7.26 high

A new upstream version 5.7.26 is available, you should consider packaging it.

Created: 2019-04-29 Last update: 2019-05-26 02:02

9 security issues in sid high

There are 9 open security issues in sid.

9 important issues:

CVE-2019-2632: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2019-2627: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2614: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-15365: sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2019-2581: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2592: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2566: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2628: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2683: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Please fix them.

Created: 2017-07-19 Last update: 2019-04-27 06:50

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2017-12-01 Last update: 2019-01-29 08:22

20 bugs tagged patch in the BTS normal

The BTS contains patches fixing 20 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-05-26 05:33

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 14349b00e322f0448f80b2fe472596620349f413
Author: Lars Tangvald <lars.tangvald@oracle.com>
Date:   Tue Jan 29 13:46:35 2019 +0100

    d/changelog: Add entry for disabled mtr test

commit 79ed8ccde4b99b123bc272c620bf52730fcd40f6
Author: Lars Tangvald <lars.tangvald@oracle.com>
Date:   Tue Jan 29 13:45:07 2019 +0100

    d/tests: Disable unstable test for dep8
    
    The test main.xa_prepared_binlog_off was previously disabled during the
    build because it's unstable, but was left in dep8 test suite

Created: 2019-01-31 Last update: 2019-05-26 04:36

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2019-01-31 Last update: 2019-05-26 04:32

Depends on packages which need a new maintainer normal

The packages that mysql-5.7 depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base
- Build-Depends: lsb-release

Created: 2019-03-13 Last update: 2019-05-26 03:36

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libmysqld-dev could be marked Multi-Arch: same

Created: 2018-10-27 Last update: 2019-05-26 02:09

lintian reports 44 warnings normal

Lintian reports 44 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-13 Last update: 2019-03-13 05:43

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-15 Last update: 2018-11-15 20:57

testing migrations

excuses:
- 117 days old (2 needed)
- Updating mysql-5.7 introduces new bugs: #853008, #927308
- Piuparts tested OK - https://piuparts.debian.org/sid/source/m/mysql-5.7.html
- Required age reduced by 3 days because of autopkgtest
- Not touching package due to block request by pochu (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-01-28] Accepted mysql-5.7 5.7.25-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2019-01-09] Accepted mysql-5.7 5.7.24-3 (source) into unstable (Robie Basak)
[2018-11-15] Accepted mysql-5.7 5.7.24-2 (source) into unstable (Robie Basak)
[2018-10-26] Accepted mysql-5.7 5.7.24-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-09-14] Accepted mysql-5.7 5.7.23-2 (source) into unstable (Robie Basak)
[2018-08-03] Accepted mysql-5.7 5.7.23-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-06-08] Accepted mysql-5.7 5.7.22-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-01-31] Accepted mysql-5.7 5.7.21-1 (source) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2018-01-15] Accepted mysql-5.7 5.7.20-2 (source) into unstable (Robie Basak)
[2017-11-30] Accepted mysql-5.7 5.7.20-1 (source) into unstable (Robie Basak)
[2017-04-26] Accepted mysql-5.7 5.7.18-1 (source amd64 all) into unstable (Lars Tangvald) (signed by: Robie Basak)
[2017-02-01] Accepted mysql-5.7 5.7.17-1 (source) into unstable (Lars Tangvald) (signed by: Andreas Beckmann)
[2017-01-03] Accepted mysql-5.7 5.7.16-2 (source) into unstable (Lars Tangvald) (signed by: Dominic Hargreaves)
[2016-11-08] Accepted mysql-5.7 5.7.16-1 (source) into unstable (Lars Tangvald) (signed by: Dominic Hargreaves)
[2016-10-17] Accepted mysql-5.7 5.7.15-1 (source amd64 all) into unstable (Lars Tangvald) (signed by: James Page)
[2016-07-15] Accepted mysql-5.7 5.7.13-1~exp1 (source amd64 all) into experimental, experimental (Robie Basak) (signed by: Andreas Beckmann)

bugs [bug history graph]

all: 132 146
RC: 2
I&N: 77 82
M&W: 51 59
F&P: 2 3
patch: 20

links

homepage
lintian (0, 44)
buildd: logs, checks, clang, cross
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.7.26-0ubuntu1
74 bugs (1 patch)
patches for 5.7.26-0ubuntu1