From $URL: Percona has addressed CVE-2016-6663 and CVE-2016-6664 in releases of Percona Server for MySQL and Percona XtraDB Cluster. Percona is happy to announce that the following vulnerabilities are fixed in current releases of Percona Server for MySQL and Percona XtraDB Cluster: CVE-2016-6663: allows a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically “mysql”). CVE-2016-6664: can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. Users should upgrade to their relevant incremental release. Percona Server 5.5.51-38.2 5.6.32-78-1 5.7.14-8 Percona XtraDB Cluster 5.5.41-37.0 5.6.32-25.17 5.7.14-26.17 Users should update as soon as is practical to ensure protection from these vulnerabilities.
Is isn't clear from the original report in bug 123 if =dev-db/percona-server-5.6.32.78.1 (the version which should be safe according to Percona) is affected or not: The "Affected" listing indicates agreement with Percona due to "<5.6.32-78-1" notation. However the advisory demonstrate the vulnerability against _that_ version later... So we will also remove =dev-db/percona-server-5.6.32.78.1 from tree.
Forget the previous comment. The advisory was about 5.6.32-78-0 ^^^ The fix is explicit listed in 5.6.32-78-1 ^^^ So all done for dev-db/percona-server.
