Oracle released 5.6.44, closes multiple vulnerabilities including four which are remotely exploitable without a valid login. See: https://vuxml.freebsd.org/freebsd/4e1997e8-5de0-11e9-b95c-b499baebfeaf.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
This version is still pending release from Oracle.
issue is fixed in a commit on PR 237399 by commit ports r500373.