-
mysql-5.1 (5.1.63-0ubuntu0.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
-- Marc Deslauriers <email address hidden> Mon, 11 Jun 2012 07:25:44 -0400
-
mysql-5.1 (5.1.62-0ubuntu0.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: Update to 5.1.62 to fix security issues (LP: #965523)
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
-- Marc Deslauriers <email address hidden> Tue, 27 Mar 2012 10:18:29 -0400
-
mysql-5.1 (5.1.61-0ubuntu0.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
(LP: #937869)
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- CVE-2011-2262
- CVE-2012-0075
- CVE-2012-0112
- CVE-2012-0113
- CVE-2012-0114
- CVE-2012-0115
- CVE-2012-0116
- CVE-2012-0117
- CVE-2012-0118
- CVE-2012-0119
- CVE-2012-0120
- CVE-2012-0484
- CVE-2012-0485
- CVE-2012-0486
- CVE-2012-0487
- CVE-2012-0488
- CVE-2012-0489
- CVE-2012-0490
- CVE-2012-0491
- CVE-2012-0492
- CVE-2012-0493
- CVE-2012-0494
- CVE-2012-0495
- CVE-2012-0496
-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2012 08:30:45 -0500
-
mysql-5.1 (5.1.54-1ubuntu4) natty; urgency=low
[Clint Byrum]
* export configured source dir as binary package. -- needed for some
plugins to build.
[Chuck Short]
* debian/control: Fix conflict when installing mysql-client.
(LP: #712479)
-- Clint Byrum <email address hidden> Wed, 02 Feb 2011 11:46:14 -0800
-
mysql-5.1 (5.1.54-1ubuntu3) natty; urgency=low
* debian/mysql-server-core-5.1.files, debian/mysql-client-5.1.files:
Fix upgrade from 5.1.49. (LP: #710976)
-- Chuck Short <email address hidden> Tue, 01 Feb 2011 09:45:41 -0500
-
mysql-5.1 (5.1.54-1ubuntu2) natty; urgency=low
* Fix FTBFS.
-- Chuck Short <email address hidden> Sun, 30 Jan 2011 14:29:29 -0500
-
mysql-5.1 (5.1.54-1ubuntu1) natty; urgency=low
* Synchronize from Debian Experimental:
* Merge from debian unstable:
+ debian/control:
* Update maintainer according to spec.
* Move section from "misc" to "database".
* Added libmysqlclient16-dev an empty transitional package.
* Added mysql-client-core-5.1 package.
* Suggest mailx for mysql-server-5.1
* Add mysql-testsuite package so you can run the testsuite seperately.
+ debian/additions/my.cnf:
* Remove language options. Error message files are located in a different directory in Mysql
5.0. Setting the language option to use /usr/share/mysql/english breaks Mysql 5.0. Both 5.0
and 5.1 use a different value that works. (LP: #316974)
+ Add apparmor profile:
+ debian/apparmor-profile: apparmor-profile
+ debian/rules, debian/mysql-server-5.1.files: install apparmor profile
+ debian/mysql-server-5.1.dirs: add etc/apparmor.d/fore-complain
+ debian/mysql-server-5.1.postrm: remove symlink in force-complain/ on purge.
+ debian/mysql-server-5.1.README.Debian: add apparmor documentation.
+ debian/additions/my.cnf: Add warning about apparmor. (LP: #201799)
+ debian/mysql-server-5.1.postinst: reload apparmor profiles
* Convert the package from sysvinit to upstart:
+ debian/mysql-server-5.1.mysql.upstart: Add upstart script.
+ debian/mysql-server-5.1.mysql.init: Dropped, unused now with upstart.
+ debian/additions/mysqld_safe_syslog.cnf: Dropped, unused now with upstart.
+ debian/additons/my.cnf: Remove pid declaration and setup error logging to /var/log/mysql since
we're not piping anything around logger anymore.
+ debian/rules, debian/mysql-server-5.1.logcheck.ignore.{paranoid,worstation},
debian/mysql-server-5.1.logcheck.ignore.server: : Remove references to mysqld_safe
+ debian/patches/38_scripts_mysqld_safe.sh_signals.dpatch: Dropped
* Added -fno-strict-aliasing to CFLAGS to get around mysql testsuite build failures.
* Add Apport hook (LP: #354188):
+ debian/mysql-server-5.1.py: apport package hook
+ debian/rules: Make it installable
* debian/mysql-server-5.1.mysql-server.logrotate: Check to see if mysql is running before
running logrotate. (LP: #513135)
* Make the testsuite installable. (LP: #530752)
+ debian/mysql-server-5.1.files, debian/rules: install apport package hook
* debian/mysql-server-5.1.preinst: Set mysql user's home directory
to /nonexistent to protect against having the /var/lib/mysql
user-writeable. If an attacker can trick mysqld into creating
dot files in the home directory, he could do .rhost-like attacks
on the system. (LP: #293258)
* debian/control: mysql-client-5.1 should depend on mysql-core-client-5.1.
(LP: #590952)
* debian/mysql-server.5.1.postinst: Specify the mysql user when installing
the mysql databases. (LP: #591875)
* Installing mysql_config_pic in /usr/bin so users of libmysqld-pic
can extract the appropriate compile flags. (LP: #605021)
-- Chuck Short <email address hidden> Wed, 26 Jan 2011 09:19:25 -0500
-
mysql-5.1 (5.1.49-1ubuntu9) natty; urgency=low
* debian/mysql-server-5.1.mysql.upstart, debian/control: use AppArmor
helper, available since upstart 0.6.7-3.
-- Kees Cook <email address hidden> Fri, 14 Jan 2011 13:11:24 -0800
-
mysql-5.1 (5.1.49-1ubuntu8.1) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via incorrect propagation of type
errors.
- debian/patches/61_CVE-2010-3833.dpatch: properly check for execution
errors in sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
- debian/patches/61_CVE-2010-3834.dpatch: handle temporary tables in
sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
- CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
expression.
- debian/patches/61_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
Add tests to mysql-test/*.
- CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
predicates during view preparation.
- debian/patches/61_CVE-2010-3836.dpatch: make sure we're not in view
preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
- CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
WITH ROLLUP together.
- debian/patches/61_CVE-2010-3837.dpatch: create a copy of the order
structures in sql/item_sum.cc, sql/table.h. Add tests to
mysql-test/*.
- CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
with subquery.
- debian/patches/61_CVE-2010-3838.dpatch: handle REAL_RESULT in
sql/item_func.cc. Add tests to mysql-test/*.
- CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
joins.
- debian/patches/61_CVE-2010-3839.dpatch: fix nesting in
sql/sql_select.cc. Add tests to mysql-test/*.
- CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
improper data.
- debian/patches/61_CVE-2010-3840.dpatch: improve data handling in
sql/spatial.cc. Add tests to mysql-test/*.
- CVE-2010-3840
* debian/patches/62_disable_longfilename_test.dpatch: disable the
partition_rename_longfilename test as it fails when building with
sbuild and schroots.
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2010 12:58:03 -0500
-
mysql-5.1 (5.1.49-1ubuntu8) maverick; urgency=low
* raising kill timeout to 300 to help avoid table corruption (LP: #620441)
-- Clint Byrum <email address hidden> Wed, 08 Sep 2010 09:36:13 -0700
