Re: [SECURITY] [DSA 2780-1] mysql-5.1 security update
How soon are these updates supposed to show up in the repositories?
I've been updating the package list since Michael Gilbert's message
appeared on the list earlier in the day and there's no indication that a
new package is available for mysql 5.1.
According to apt-cache after an immediate update to the package lists:
Package: mysql-server-core-5.1
Source: mysql-5.1
Version: 5.1.66-0+squeeze1
Package: mysql-server-5.1
Source: mysql-5.1
Version: 5.1.66-0+squeeze1
Using these apt sources:
deb ftp://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
On 10/18/2013 06:50, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2780-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> October 18, 2013 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : mysql-5.1
> Vulnerability : several
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2012-2750 CVE-2013-3839
>
> This DSA updates the MySQL database to 5.1.72. This fixes multiple
> unspecified security problems in the Optimizer component:
> http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
>
> For the oldstable distribution (squeeze), these problems have been fixed in
> version 5.1.72-2.
>
> We recommend that you upgrade your mysql-5.1 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
Reply to: