Summary: | databases/mysql55-server databases/mysql56-server databases/mysql57-server security/vuxml: Update to latest (Fixes security vulnerabilities) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Dani I. <i.dani> | ||||
Component: | Individual Port(s) | Assignee: | Ports Security Team <ports-secteam> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | ale, mayhem30, mmokhi, ports-secteam | ||||
Priority: | Normal | Keywords: | needs-patch, security | ||||
Version: | Latest | Flags: | i.dani:
maintainer-feedback?
(ports-secteam) i.dani: maintainer-feedback? (ale) mmokhi: maintainer-feedback+ i.dani: merge-quarterly? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html?elq_mid=82786&sh=1426130622150824190926132209290730261531&cmid=SPPT160711P00036C0001#AppendixMSQL | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 221128 | ||||||
Attachments: |
|
Description
Dani I.
2017-07-19 10:20:57 UTC
(In reply to Dani from comment #0) Thanks for reporting :-] The mysql56 is already updated (yesterday) and 57 is hopefully being committed today or tonight. But I'd like to add a point that there are no security fixes in these updates according to release-notes. Therefore, it won't need vuxml. (In reply to Dani from comment #0) @Dani, Oops sorry I didn't see the oracle.com link you've posted :))) yeah, it introduces vulns ``:) A commit references this bug: Author: mmokhi Date: Wed Jul 19 15:15:43 UTC 2017 New revision: 446203 URL: https://svnweb.freebsd.org/changeset/ports/446203 Log: databases/mysql57-{client/server}: Update to 5.7.19 ChangeLog for this update: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html PR: 220849 Reviewed by: mat (mentor) Approved by: mat (mentor) Sponsored by: Netzkommune GmbH Differential Revision: https://reviews.freebsd.org/D11656 Changes: head/databases/mysql57-client/Makefile head/databases/mysql57-client/files/patch-CMakeLists.txt head/databases/mysql57-client/files/patch-mysys_my__symlink.c head/databases/mysql57-server/Makefile head/databases/mysql57-server/distinfo (In reply to commit-hook from comment #3) The update for mysql56 was done yesterday on r446148 A commit references this bug: Author: mmokhi Date: Tue Jul 25 15:04:24 UTC 2017 New revision: 446589 URL: https://svnweb.freebsd.org/changeset/ports/446589 Log: MFH: r446203 databases/mysql57-{client/server}: Update to 5.7.19 ChangeLog for this update: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html PR: 220849 Reviewed by: mat (mentor) Approved by: mat (mentor) Sponsored by: Netzkommune GmbH Differential Revision: https://reviews.freebsd.org/D11656 Approved by: ports-secteam (feld) Changes: _U branches/2017Q3/ branches/2017Q3/databases/mysql57-client/Makefile branches/2017Q3/databases/mysql57-client/files/patch-CMakeLists.txt branches/2017Q3/databases/mysql57-client/files/patch-mysys_my__symlink.c branches/2017Q3/databases/mysql57-server/Makefile branches/2017Q3/databases/mysql57-server/distinfo MySQL 5.5 has not been updated yet and is still vulnerable. Created attachment 184982 [details]
Update to MySQL 5.5.57
databases/mysql55-{server client}: Update to latest 5.5.57
(In reply to Dani from comment #7) Successfully built, installed and tested on FreeBSD 10.3. Looks like ale isn't currently avi (no response in multiple PR's), so it would be nice if this could be looked at by the sec-team, since it's security related. Comment on attachment 184982 [details]
Update to MySQL 5.5.57
Approved by: portmgr (maintainer timeout, 2 weeks)
|