Re: Bug#687485: mysql-5.5: CVE-2012-4414
On 21/09/12 12:32, Nicholas Bamber wrote:
> On 20/09/12 22:33, Moritz Muehlenhoff wrote:
>> On Wed, Sep 19, 2012 at 07:07:23PM +0100, Nicholas Bamber wrote:
>>> I am looking at this bug. However the patch involves 45 files. 17 of
>>> these are test files. From what I have seen so far they do not apply
>>> cleanly. Presumably they are meant for 5.5.27 rather than 5.5.24. I have
>>> yet to form a judgement on quite how intractable adapting the patch is
>>> going to be.
>> Due to the intransparent nature of mysql security updates we will need to
>> follow the 5.5.x releases for stable-security anyway. As such I don't see
>> a reason not to upload 5.5.27 during the freeze as well.
> Dear Release Team,
> Are you okay with the following plan?
> 1.) I check that the maraiadb_patch.diff really does apply cleanly
> against 5.5.27.
> 2.) I upload 5.5.24+dfsg-9 with the other pending fixes. (*diff.txt
> 3.) I then upload 5.5.27+dfsg-1 including the mariadb_patch,diff - or if
> oracle have by then released 5.5.28, 5.5.28+dfsg.
Actually it applies no more cleanly against 5.5.27 then 5.5.24. So I
intend to fix the other wheezy worthy stuff and then review.