<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
As noted in the changelog for 5.5.53 at
<a class="moz-txt-link-freetext" href="https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html">https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html</a>,<br>
MySQL 5.5.53 contains a change that requires packaging changes and
could potentially impact users:<br>
<br>
By default the server will restrict the server's access for <font
size="3">SELECT INTO OUTFILE and LOAD DATA operations to
/var/lib/mysql-files, and requires the directory to be present at
startup.<br>
This behavior can be changed at build-time to either turn such
access off completely or make it unrestricted (current behavior).<br>
<br>
We strongly recommend keeping the default behavior to improve the
default security, i.e. change packaging to create the mysql-files
directory. We're not aware of any other packages that rely on this
functionality, but there is a risk of this change disrupting user
workflows.<br>
<br>
--<br>
Lars</font><br>
<br>
<div class="moz-cite-prefix">On 10/17/2016 10:05 AM, Norvald H.
Ryeng wrote:<br>
</div>
<blockquote cite="mid:op.ypgwqxrffswwb0@atum22.no.oracle.com"
type="cite">Source: mysql-5.5
<br>
Version: 5.5.52-0+deb8u1
<br>
Severity: grave
<br>
Tags: security upstream fixed-upstream
<br>
<br>
The Oracle Critical Patch Update for October 2016 will be released
on Tuesday, October 18. According to the pre-release announcement
[1], it will contain information about CVEs fixed in MySQL 5.5.53.
<br>
<br>
The CVE numbers will be available when the CPU is released.
<br>
<br>
Regards,
<br>
<br>
Norvald H. Ryeng
<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</a><br>
<br>
_______________________________________________
<br>
pkg-mysql-maint mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:pkg-mysql-maint@lists.alioth.debian.org">pkg-mysql-maint@lists.alioth.debian.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint</a>
<br>
</blockquote>
<br>
</body>
</html>