commit patchinfo.5773 for openSUSE:13.2:Update
Hello community, here is the log from the commit of package patchinfo.5773 for openSUSE:13.2:Update checked in at 2016-11-10 13:16:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5773 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.5773.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.5773" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="5773"> <issue id="999666" tracker="bnc">VUL-0: CVE-2016-6304: openssl: OCSP Status Request extension unbounded memory growth</issue> <issue id="998309" tracker="bnc">VUL-0: CVE-2016-6662: mysql,mariadb: Remote Root Code Execution / Privilege Escalation</issue> <issue id="986251" tracker="bnc">lost+found directory causes mysql_upgrade to fail</issue> <issue id="1005566" tracker="bnc">VUL-0: CVE-2016-5626: mysql: Unspecified vulnerability in subcomponent GIS</issue> <issue id="1005567" tracker="bnc">VUL-0: CVE-2016-5627: mysql: Unspecified vulnerability in subcomponent InnoDB</issue> <issue id="1005562" tracker="bnc">VUL-0: CVE-2016-5616: mysql: Unspecified vulnerability in subcomponent MyISAM</issue> <issue id="1005563" tracker="bnc">VUL-0: CVE-2016-5617: mysql: Unspecified vulnerability in subcomponent Error Handling</issue> <issue id="1005560" tracker="bnc">VUL-0: CVE-2016-5609: mysql: Unspecified vulnerability in subcomponent DML</issue> <issue id="1005561" tracker="bnc">VUL-0: CVE-2016-5612: mysql: Unspecified vulnerability in subcomponent DML</issue> <issue id="983938" tracker="bnc">`After=syslog.target` left-overs in several unit files</issue> <issue id="1005569" tracker="bnc">VUL-0: CVE-2016-5629: mysql: Unspecified vulnerability in subcomponent Federated</issue> <issue id="989919" tracker="bnc">VUL-0: CVE-2016-3521: mysql: Unspecified vulnerability in subcomponent types</issue> <issue id="977614" tracker="bnc">VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow</issue> <issue id="989911" tracker="bnc">VUL-0: CVE-2016-3459: mysql: Unspecified vulnerability in subcomponent innodb</issue> <issue id="989913" tracker="bnc">VUL-0: CVE-2016-3477: mysql: Unspecified vulnerability in subcomponent parser</issue> <issue id="989914" tracker="bnc">VUL-0: CVE-2016-3486: mysql: Unspecified vulnerability in subcomponent fts</issue> <issue id="989915" tracker="bnc">VUL-0: CVE-2016-3501: mysql: Unspecified vulnerability in subcomponent optimizer</issue> <issue id="1005581" tracker="bnc">VUL-0: CVE-2016-7440: mysql: Unspecified vulnerability in subcomponent Encryption</issue> <issue id="1005582" tracker="bnc">VUL-0: CVE-2016-8283: mysql: Unspecified vulnerability in subcomponent Types</issue> <issue id="1005583" tracker="bnc">VUL-0: CVE-2016-8284: mysql: Unspecified vulnerability in subcomponent Replication</issue> <issue id="1005586" tracker="bnc">VUL-0: CVE-2016-8288: mysql: Unspecified vulnerability in subcomponent InnoDB Plugin</issue> <issue id="989925" tracker="bnc">VUL-0: CVE-2016-5439: mysql: Unspecified vulnerability in subcomponent privileges</issue> <issue id="971456" tracker="bnc">mariadb installation error: Too many levels of symbolic links</issue> <issue id="990890" tracker="bnc">mariadb - @sysconfdir@ variable is not expanded properly</issue> <issue id="1005558" tracker="bnc">VUL-0: CVE-2016-5584: mysql: Unspecified vulnerability in subcomponent Encryption</issue> <issue id="1005557" tracker="bnc">VUL-0: CVE-2016-5507: mysql: Unspecified vulnerability in subcomponent InnoDB</issue> <issue id="1005570" tracker="bnc">VUL-0: CVE-2016-5630: mysql: Unspecified vulnerability in subcomponent InnoDB</issue> <issue id="1005555" tracker="bnc">VUL-0: CVE-2016-3492: mysql: Unspecified vulnerability in subcomponent Optimizer</issue> <issue id="989926" tracker="bnc">VUL-0: CVE-2016-5440: mysql: Unspecified vulnerability in subcomponent rbr</issue> <issue id="989921" tracker="bnc">VUL-0: CVE-2016-3614: mysql: Unspecified vulnerability in subcomponent encryption</issue> <issue id="989922" tracker="bnc">VUL-0: CVE-2016-3615: mysql: Unspecified vulnerability in subcomponent dml</issue> <issue id="2016-6304" tracker="cve" /> <issue id="2016-3486" tracker="cve" /> <issue id="2016-8288" tracker="cve" /> <issue id="2016-5630" tracker="cve" /> <issue id="2016-8283" tracker="cve" /> <issue id="2016-3521" tracker="cve" /> <issue id="2016-8284" tracker="cve" /> <issue id="2016-5617" tracker="cve" /> <issue id="2016-5616" tracker="cve" /> <issue id="2016-3501" tracker="cve" /> <issue id="2016-5612" tracker="cve" /> <issue id="2016-5440" tracker="cve" /> <issue id="2016-7440" tracker="cve" /> <issue id="2016-5627" tracker="cve" /> <issue id="2016-2105" tracker="cve" /> <issue id="2016-5439" tracker="cve" /> <issue id="2016-3492" tracker="cve" /> <issue id="2016-3615" tracker="cve" /> <issue id="2016-3614" tracker="cve" /> <issue id="2016-5609" tracker="cve" /> <issue id="2016-5507" tracker="cve" /> <issue id="2016-5626" tracker="cve" /> <issue id="2016-6662" tracker="cve" /> <issue id="2016-3459" tracker="cve" /> <issue id="2016-5629" tracker="cve" /> <issue id="2016-3477" tracker="cve" /> <issue id="2016-5584" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>kstreitova</packager> <description> mysql-community-server was updated to 5.6.34 to fix the following issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling </description> <summary>Security update for mysql-community-server</summary> </patchinfo>
participants (1)
-
root@hilbert.suse.de