[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2103-1] debian-security-support update: libqb and mysql-5.5 end

Package        : debian-security-support
Version        : 2019.12.12~deb8u2

debian-security-support, the Debian security support coverage checker,
has been updated in jessie-security.

This marks the end of life of the libqb package in jessie.  A recently
reported vulnerability against libqb which allows users to overwrite
arbitrary files via a symlink attack cannot be adequately addressed in
libqb in jessie.  Upstream no longer supports this version and no
packages in jessie depend upon libqb.

We recommend that if your systems or applications depend upon the libqb
package provided from the Debian archive that you upgrade your systems
to a more recent Debian release or find an alternate and up to date
source of libqb packages.

Additionally, MySQL 5.5 is no longer supported.  Upstream has ended its
support and we are unable to backport fixes from newer versions due to
the lack of patch details. Options are to switch to MariaDB 10.0 in
jessie or to a newer version of MySQL in more recent Debian releases.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to: