Since Oracle no longer publishes detailed information about security
vulnerabilities that are being fixed in MySQL, and their bug tracker is
no longer public, Ubuntu must now track upstream MySQL releases as
MySQL 5.0.95 fixes the following CVEs:
CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,
CVE-2012-0114, CVE-2012-0484, CVE-2012-0490.
MySQL 5.1.61 fixes the following CVEs:
CVE-2011-2262, CVE-2012-0075, CVE-2012-0112, CVE-2012-0113,
CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117,
CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484,
CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488,
CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492,
CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496.
For more information about the CVEs listed, please consult the January
2012 Oracle Critical Patch Update Advisory:
Today, I have pushed updated MySQL 5.0.95 packages for Ubuntu 8.04 LTS,
and updated MySQL 5.1.61 packages for Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10 into the -proposed pocket. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.
Please report any issues in the tracking bug:
If no issues are reported, I plan on releasing the packages as security
updates in a couple of weeks.