http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL

Affected Ports:
databases/mysql55-client, databases/mysql55-server: <= 5.5.49
databases/mysql56-client, databases/mysql56-server: <= 5.6.30
databases/mysql57-client, databases/mysql57-server: <= 5.7.12

Possibly affected Ports:
databases/mariadb*
databases/percona*
Hi. Thanks for informing about it. I'm not the maintainer of mysql55 and mysql56. So *probably* you should 'maintainer-feedback?' them too, or file multiple issues *next time* :D. BTW :) mysql57 is on 5.7.13 so not affected as you pointed out '<= 5.7.12'. I'll patch an update on vuxml about it.
(In reply to Mahdi Mokhtari from comment #1) You were auto-assigned by Bugzilla, not me ;) I added MySQL 5.7 so that vuxml will get the needed entries and that users of MySQL <=5.7.12 get informed of their insecure installs and urged to upgrade to current 5.7.13. And yes, next time I'll file multiple bugs for different versions/ports.
(In reply to Markus Kohlmeyer from comment #2)
> I added MySQL 5.7 so that vuxml will get the needed entries and that users of MySQL <=5.7.12 get informed of their insecure installs and urged to upgrade to current 5.7.13.
Sure, you're right :) That's why I told you I'll patch on vuxml ;) Thanks for your info, again.
@Mohki, @Alex, @Bernard Can you create sub-issues blocking this one for your respective ports please, I'll assign this one as the parent 'tracking' issue to ports-secteam so they can coordinate
Creating a vuxml entry for this
(In reply to Bernard Spil from comment #5) Will you create an entry for MariaDB only? Or will you do it for all?
A commit references this bug:

Author: brnrd
Date: Thu Jul 21 14:58:08 UTC 2016
New revision: 418877
URL: https://svnweb.freebsd.org/changeset/ports/418877

Log:
  security/vuxml: Add MySQL vulnerabilities from quarterly update

  - Add MariaDB ports
  - Add Percona ports

  PR: 211248

Changes:
  head/security/vuxml/vuln.xml
(In reply to Mahdi Mokhtari from comment #6) All of them
(In reply to Bernard Spil from comment #8) Okay, thanks :) I checked your commit diff. I guess you made a small typo :D I think you should change mysql 5.7.13 to 5.7.12
A commit references this bug:

Author: brnrd
Date: Thu Jul 21 18:25:23 UTC 2016
New revision: 418887
URL: https://svnweb.freebsd.org/changeset/ports/418887

Log:
  security/vuxml: Current mysql57 is NOT vulnerable

  PR: 211248

Changes:
  head/security/vuxml/vuln.xml
(In reply to commit-hook from comment #10) Thanks
Then should we now close issues it depends on? Such as issue#211273
(In reply to Mahdi Mokhtari from comment #12) Bug 211273 can/should only be closed when all of the things that need to be done for it are done (whatever those things are). The commits and comments for mysql57 should have occured on bug 211273 (which is still in the new state with no history) not on this bug. Also, we have no response yet from ale@ on mysql56 @ports-secteam, can you coordinate the version update and merge of mysql56-server and its vuxml entry in a separate (blocking) issue please
(In reply to Kubilay Kocak from comment #13) Okay, thanks :) So, I guess it can be closed :) because the only thing that was needed for it, IMO, was the vuxml entry to be updated.
ping
Is there any action left for this ticket?
(In reply to Mark Felder from comment #16) For mysql57 and mariadb* I guess no action is left. I'm afraid mysql55 and 56 still have actions left (because ale@'s flag is still '?'), but maybe things on these two can be considered as overcome by time. I am also not sure what the exp-run flag is here (and what we [= maintainers] should do with it). Regards.
A commit references this bug:

Author: feld
Date: Thu Jan 19 22:29:06 UTC 2017
New revision: 431919
URL: https://svnweb.freebsd.org/changeset/ports/431919

Log:
  databases/mysql56: Update to 5.6.35

  - Port improvements from MySQL 5.7 port
  - Use system libs instead of bundled
  - Fix many open PRs
  - Change MAINTAINER

  PR: 216244 192657 198812 199751 205093
  PR: 209618 211248 205983 209338

Changes:
  head/databases/mysql56-client/Makefile
  head/databases/mysql56-client/files/patch-CMakeLists.txt
  head/databases/mysql56-client/files/patch-extra_CMakeLists.txt
  head/databases/mysql56-client/files/patch-man_CMakeLists.txt
  head/databases/mysql56-client/files/patch-mysys_ssl_my_default.cc
  head/databases/mysql56-client/files/patch-scripts_CMakeLists.txt
  head/databases/mysql56-client/files/patch-support-files_CMakeLists.txt
  head/databases/mysql56-client/pkg-message
  head/databases/mysql56-server/Makefile
  head/databases/mysql56-server/distinfo
  head/databases/mysql56-server/files/my.cnf.sample.in
  head/databases/mysql56-server/files/mysql-server.in
  head/databases/mysql56-server/files/patch-mysys_ssl_my_default.cc
  head/databases/mysql56-server/pkg-message
  head/databases/mysql56-server/pkg-plist
A commit references this bug:

Author: brnrd
Date: Thu Jan 26 19:58:07 UTC 2017
New revision: 432535
URL: https://svnweb.freebsd.org/changeset/ports/432535

Log:
  MFH: r431919 r431968 r431975 r432035 r432066 r432458

  databases/mysql56: Update to 5.6.35

  - Port improvements from MySQL 5.7 port
  - Use system libs instead of bundled
  - Fix many open PRs
  - Change MAINTAINER

  PR: 216244 192657 198812 199751 205093
  PR: 209618 211248 205983 209338

  databases/mysql56-server: Rollback rc script changes

  databases/mysql56-server: Do not install my.cnf sample

  An issue was discovered where users of mysql did not have a my.cnf and
  the recent update was causing mysqld to find a sample my.cnf and load
  its parameters. This was causing errors on startup for users of innodb
  as the parameters used to init the database did not match the ones in
  the sample config file it was now reading.

  databases/mysql56-server: Fix build with LibreSSL

  - Fix CMake SSL detection
  - Always set WITH_SSL=${OPENSSLBASE}

  PR: 216311
  Approved by: Mahdi Moktari <mokhi64@gmail.com> (maintainer)
  Differential Revision: D9272

  Revert r432035 part 2, it breaks build with openssl from base

  With hat: portmgr

  databases/mysql56-server: Fix OpenSSL linking

  - Force dynamic linking with OpenSSL

  Approved by: ports-secteam (feld)

Changes:
  _U branches/2017Q1/
  branches/2017Q1/databases/mysql56-client/Makefile
  branches/2017Q1/databases/mysql56-client/files/patch-CMakeLists.txt
  branches/2017Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake
  branches/2017Q1/databases/mysql56-client/files/patch-extra_CMakeLists.txt
  branches/2017Q1/databases/mysql56-client/files/patch-man_CMakeLists.txt
  branches/2017Q1/databases/mysql56-client/files/patch-mysys_ssl_my_default.cc
  branches/2017Q1/databases/mysql56-client/files/patch-scripts_CMakeLists.txt
  branches/2017Q1/databases/mysql56-client/files/patch-support-files_CMakeLists.txt
  branches/2017Q1/databases/mysql56-client/pkg-message
  branches/2017Q1/databases/mysql56-server/Makefile
  branches/2017Q1/databases/mysql56-server/distinfo
  branches/2017Q1/databases/mysql56-server/files/my.cnf.sample.in
  branches/2017Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake
  branches/2017Q1/databases/mysql56-server/files/patch-mysys_ssl_my_default.cc
  branches/2017Q1/databases/mysql56-server/pkg-message
  branches/2017Q1/databases/mysql56-server/pkg-plist
(In reply to Markus Kohlmeyer from comment #20) Is there an outstanding issue here, Markus? This was not clear previously.
I don't see an outstanding issue here, so this pr can be closed. Thanks Mark.