[Pkg-mysql-commits] r2251 - mysql-5.5/branches/unstable/debian

James Downing Page jamespage at moszumanska.debian.org
Fri Jan 17 17:17:17 UTC 2014 

Author: jamespage
Date: 2014-01-17 17:17:17 +0000 (Fri, 17 Jan 2014)
New Revision: 2251

Added:
   mysql-5.5/branches/unstable/debian/NEWS
Modified:
   mysql-5.5/branches/unstable/debian/changelog
Log:
* Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
  - d/NEWS: Add NEWS file to document changes needed to existing databases
    to drop insecure database permissions.

Added: mysql-5.5/branches/unstable/debian/NEWS
===================================================================
--- mysql-5.5/branches/unstable/debian/NEWS	                        (rev 0)
+++ mysql-5.5/branches/unstable/debian/NEWS	2014-01-17 17:17:17 UTC (rev 2251)
@@ -0,0 +1,22 @@
+mysql-5.5 (5.5.35+dfsg-1) unstable; urgency=low
+
+  mysql-server-5.5 ships with the upstream mysql_install_db script which
+  creates a database "test" and sets up permissions that allow anonymous
+  access, without a password, from localhost to the "test" database and
+  any databases starting with "test_" that users might have created
+  after installing mysql-server.
+
+  During the migration of mysql-5.1 to mysql-5.5 in Debian the patches
+  to drop these permissions and the creation of the test databases were
+  not applied. This update resolves this issue for new installations of
+  mysql-server-5.5.
+
+  If you are updating from a previous version of mysql-5.5 it is
+  recommended to check your installation and to drop these privileges
+  and databases manually.
+
+  Further information can be found at the MySQL 5.5 Reference Manual[1].
+
+   [1] http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html
+
+ -- James Page <jamespage at debian.org>  Fri, 17 Jan 2014 17:15:31 +0000

Modified: mysql-5.5/branches/unstable/debian/changelog
===================================================================
--- mysql-5.5/branches/unstable/debian/changelog	2014-01-17 17:13:59 UTC (rev 2250)
+++ mysql-5.5/branches/unstable/debian/changelog	2014-01-17 17:17:17 UTC (rev 2251)
@@ -26,6 +26,9 @@
      - CVE-2014-0412
      - CVE-2014-0420
      - CVE-2014-0437
+  * Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
+    - d/NEWS: Add NEWS file to document changes needed to existing databases
+      to drop insecure database permissions.
 
  -- Clint Byrum <spamaps at debian.org>  Thu, 26 Sep 2013 18:51:57 -0700

More information about the Pkg-mysql-commits mailing list