Re: [SECURITY] [DLA 447-1] mysql-5.5 security update

[Bjoern Nyjorden <brn@iinet.net.au>]

Hi there;

As at: 20160501-0739 +0000 (UTC): Updated packages DO NOT APPEAR at the 
Australian Mirror (IP: 150.203.164.61) of:

  http://security.debian.org/debian-security/pool/updates/main/m/mysql-5.5/

Can someone please ensure that the updated packages are pushed out to 
the Australian Mirror at the earliest opportunity.

Yours sincerely,
Bjoern.

On 30/04/16 17:29, Santiago Ruano Rincón wrote:
> Package        : mysql-5.5
> Version        : 5.5.49-0+deb7u1
> CVE ID         : CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643
>                   CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648
>                   CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047
> Debian Bug     : 821100
>
> Several vulnerabilities have been discovereded in the MySQL database server,
> which are fixed in the new upstream version 5.5.49. Please see the MySQL 5.5
> Release Notes and Oracle's Critical Patch Update advisory for further details:
>
>   https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
>   https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
>   http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
>
> For Debian 7 "Wheezy", these issues have been fixed in mysql-5.5 version
> 5.5.49-0+deb7u1. We recommend you to upgrade your mysql-5.5 packages.
>
> Learn more about the Debian Long Term Support (LTS) Project and how to
> apply these updates at: https://wiki.debian.org/LTS/