Summary: | databases/mariadb*-server: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Bernard Spil <brnrd> |
Component: | Individual Port(s) | Assignee: | Bernard Spil <brnrd> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | cyberbotx, fcondo, feld, ports-secteam |
Priority: | Normal | Keywords: | needs-patch, needs-qa, security |
Version: | Latest | Flags: | koobs:
merge-quarterly?
|
Hardware: | Any | ||
OS: | Any | ||
Bug Depends on: | |||
Bug Blocks: | 211248 |
Description
Bernard Spil
2016-07-21 14:41:33 UTC
Assign to maintainer https://mariadb.com/kb/en/mariadb/security/ I'd like to point out, based on the link to Oracle in bug #211248 and the above from MariaDB, they say that MariaDB is based off of MySQL 5.5 and is not affected by vulnerabilities in MySQL 5.6 or MySQL 5.7. Furthermore, all the MySQL 5.5 vulnerabilities have been fixed in the versions of the MariaDB ports that are currently in the ports tree. I think the vuxml entries for the MariaDB ports needs to be corrected as a result. MariaDB has several versions that roughly coordinate with MySQL versions. I believe it looks like this: MariaDB 5.1 == MySQL 5.1 MariaDB 5.2 and 5.3 == MySQL 5.1 + 5.5 backports MariaDB 5.5 == MySQL 5.5 MariaDB 10.0 ~= MySQL 5.6 (not quite everything pulled in) MariaDB 10.1 -- not sure? Between MySQL 5.7 and 6.0? MariaDB isn't quite as different from MariaDB as one might think. We're talking about feature differences while the core is largely identical. If MySQL has a vulnerability, it's extremely likely it's also in MariaDB. A commit references this bug: Author: brnrd Date: Mon Aug 8 09:58:16 UTC 2016 New revision: 419813 URL: https://svnweb.freebsd.org/changeset/ports/419813 Log: security/vuxml: Add versions for lates MariaDB vulns PR: 211274 Changes: head/security/vuxml/vuln.xml |