212615 – databases/mariadb55-server: CVE 2016-6662

Bug 212615 - databases/mariadb55-server: CVE 2016-6662

Summary: databases/mariadb55-server: CVE 2016-6662

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Bernard Spil

URL:	http://legalhackers.com/advisories/My...
Keywords:	security

Depends on:
Blocks:	212606
	Show dependency tree / graph

Reported:	2016-09-12 17:20 UTC by Markus Kohlmeyer
Modified:	2016-09-28 19:09 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (never) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markus Kohlmeyer 2016-09-12 17:20:14 UTC

+++ This bug was initially created as a clone of Bug #212606 +++

Cite from linked advisory:


I. VULNERABILITY
-------------------------

MySQL  <= 5.7.15       Remote Root Code Execution / Privilege Escalation (0day)
	  5.6.33
 	  5.5.52

MySQL clones are also affected, including:

MariaDB
PerconaDB

Comment 1 Bernard Spil freebsd_committer

2016-09-13 10:07:42 UTC

MariaDB 5.5.51 already contains a fix for CVE-2016-6662
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/

Comment 2 Kubilay Kocak freebsd_committer

2016-09-13 10:32:12 UTC

@Bernard,  please confirm the update has been merged to the quarterly branch and comment on whether mysql56-server and mysql57-server have also been resolved/merged

Comment 3 Bernard Spil freebsd_committer

2016-09-14 07:09:55 UTC

This vulnerability was already fixed in 5.5.51
http://svnweb.freebsd.org/changeset/ports/420094

Comment 4 Bernard Spil freebsd_committer

2016-09-14 07:13:55 UTC

MFH request pending

Comment 5 Bernard Spil freebsd_committer

2016-09-28 19:09:28 UTC

Closed by ports r422133