Bug 212613

Summary: databases/mysql56-server: CVE 2016-6662
Product: Ports & Packages
Reporter: Markus Kohlmeyer <rootservice>
Component: Individual Port(s)
Assignee: Alex Dupre <ale>
Status: Closed FIXED
Severity: Affects Many People
CC: brnrd, danmcgrath.ca, rootservice
Priority: ---
Keywords: security
Version: Latest
Flags: bugzilla: maintainer-feedback? (ale)
Hardware: Any
OS: Any
URL: http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Bug Depends on:    
Bug Blocks: 212606    

Description Markus Kohlmeyer 2016-09-12 17:16:35 UTC
+++ This bug was initially created as a clone of Bug #212606 +++

Cite from linked advisory:


I. VULNERABILITY
-------------------------

MySQL  <= 5.7.15       Remote Root Code Execution / Privilege Escalation (0day)
	  5.6.33
 	  5.5.52

MySQL clones are also affected, including:

MariaDB
PerconaDB

Comment 1 Markus Kohlmeyer 2016-09-14 12:51:50 UTC
Oracle released a fixed version:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html

Comment 2 Danny McGrath 2016-09-24 02:16:11 UTC
Been a week or two and still no update in the 2016Q3 branch. Any rough ETA of when this might be ported? Thanks!

Comment 3 Markus Kohlmeyer 2016-11-23 17:54:13 UTC
ping

Comment 4 Bernard Spil freebsd_committer freebsd_triage 2016-11-27 10:48:37 UTC
Fixed by ports r422245