Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]

To: Otto Kekäläinen <otto@seravo.fi>
Cc: debian-release <debian-release@lists.debian.org>, pkg-mysql-maint <pkg-mysql-maint@lists.alioth.debian.org>, "Robie Basak" <robie.basak@ubuntu.com>, "Debian security team" <team@security.debian.org>
Subject: Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]
From: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
Date: Mon, 11 Jan 2016 12:54:23 +0100
Message-id: <[🔎] op.ya2ooxhtfswwb0@atum22.no.oracle.com>
In-reply-to: <CAHj_TLC2dRP5AERUtoDUOdt+GMeba5eVZqdY6x56JvjJCLWY0Q@mail.gmail.com>
References: <55AFEE09.3000907@debian.org> <55B0ACE3.3050308@debian.org> <20150723101527.GM3443@mal.justgohome.co.uk> <CAHj_TLDUHV-fBWV7Q1_iT9AHvaOXst7sYfwjKSObgoZbmkYVyA@mail.gmail.com> <20150908220328.GG3691@lupin.home.powdarrmonkey.net> <20150914101112.GP19198@mal.justgohome.co.uk> <20150916210938.GB6248@lupin.home.powdarrmonkey.net> <20151214174524.GB28475@mal.justgohome.co.uk> <20151218213105.GT28475@mal.justgohome.co.uk> <op.x93pnem2fswwb0@nitrogen> <CAHj_TLC2dRP5AERUtoDUOdt+GMeba5eVZqdY6x56JvjJCLWY0Q@mail.gmail.com>

On Mon, 28 Dec 2015 13:28:18 +0100, Otto Kekäläinen <otto@seravo.fi> wrote:

Hello!

2015-12-23 16:39 GMT+02:00 Norvald H. Ryeng <norvald.ryeng@oracle.com>:
..
I know we are a bit tight with info about security issues upstream, butallsecurity bugfixes are available athttps://github.com/mysql/mysql-server asindividual commits, and a list of CVEs fixed is reported quarterlyaccording
to a published schedule. Apparently that's not enough.
As a side note related to this, can you please tell us in what commit
CVE-2015-4913 and CVE-2015-4737 were fixed? You probably have access tosome
internal security tracker where you can look this up, and both CVEs are
already relatively old, so you would not be releasing any sensitivesecurity
info.

All I have is what is public: CVE-2015-4913 was included in the latestCritical Patch Update in October and was fixed in 5.5.46 and 5.6.27.CVE-2015-4737 was included in the July Critical Patch Update and was fixedin 5.5.44 and 5.6.24. Since Debian is already at 5.5.46, these don'taffect Debian any more.

If you're asking because you want to know if these have been fixed inMariaDB, I think you should ask MariaDB upstream instead.


Regards,

Norvald

Reply to:

Follow-Ups:
- Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]
  - From: Otto Kekäläinen <otto@seravo.fi>

Prev by Date: Bug#810683: nmu: openblas_0.2.15-1 atlas_3.10.2-9
Next by Date: По поводу Вашего сайта
Previous by thread: Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]
Next by thread: Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]
Index(es):
- Date
- Thread