Candidate: CVE-2013-NNN1
PublicDate: 2013-12-16
References:
Description:
 The mysql-5.5 package misses the patches applied previously in Debian's
 mysql-5.1 to drop the database "test" and the permissions that allow
 anonymous access, without a password, from localhost to the "test"
 database and any databases starting with "test_". This update
 reintroduces these patches for the mysql-5.5 package.
Ubuntu-Description:
Notes:
 jdstrand> Running mysql_secure_installation (generally recommended for
  production environments) will prompt to remove the 'test' database
 jdstrand> Affects new installations of mysql-5.5, not upgrades from
  mysql-5.1 and the Debian patch does not remove the 'test' database on
  upgrades (to prevent data loss).
Bugs:
 https://launchpad.net/bugs/1261529
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732306
Priority: low
Discovered-by: Matthias Reichl
Assigned-to: mdeslaur
CVSS:

Patches_mysql-5.5:
 vendor: http://www.debian.org/security/2013/dsa-2818
upstream_mysql-5.5: needs-triage
lucid_mysql-5.5: DNE
precise_mysql-5.5: released (5.5.37-0ubuntu0.12.04.1)
quantal_mysql-5.5: released (5.5.37-0ubuntu0.12.10.1)
raring_mysql-5.5: ignored (reached end-of-life)
saucy_mysql-5.5: released (5.5.37-0ubuntu0.13.10.1)
trusty_mysql-5.5: not-affected (5.5.35+dfsg-1ubuntu1)
trusty/esm_mysql-5.5: not-affected (5.5.35+dfsg-1ubuntu1)
devel_mysql-5.5: not-affected (5.5.35+dfsg-1ubuntu1)