MySQL is affected by 22 newly released vulnerabilities. Assumption is that all versions of MariaDB are also affected databases/mariadb55-server databases/mariadb100-server databases/mariadb101-server databases/mariadb55-client databases/mariadb100-client databases/mariadb101-client
Assign to maintainer
https://mariadb.com/kb/en/mariadb/security/ I'd like to point out, based on the link to Oracle in bug #211248 and the above from MariaDB, they say that MariaDB is based off of MySQL 5.5 and is not affected by vulnerabilities in MySQL 5.6 or MySQL 5.7. Furthermore, all the MySQL 5.5 vulnerabilities have been fixed in the versions of the MariaDB ports that are currently in the ports tree. I think the vuxml entries for the MariaDB ports needs to be corrected as a result.
MariaDB has several versions that roughly coordinate with MySQL versions. I believe it looks like this: MariaDB 5.1 == MySQL 5.1 MariaDB 5.2 and 5.3 == MySQL 5.1 + 5.5 backports MariaDB 5.5 == MySQL 5.5 MariaDB 10.0 ~= MySQL 5.6 (not quite everything pulled in) MariaDB 10.1 -- not sure? Between MySQL 5.7 and 6.0? MariaDB isn't quite as different from MariaDB as one might think. We're talking about feature differences while the core is largely identical. If MySQL has a vulnerability, it's extremely likely it's also in MariaDB.
A commit references this bug: Author: brnrd Date: Mon Aug 8 09:58:16 UTC 2016 New revision: 419813 URL: https://svnweb.freebsd.org/changeset/ports/419813 Log: security/vuxml: Add versions for lates MariaDB vulns PR: 211274 Changes: head/security/vuxml/vuln.xml