Bug 241870 - databases/mysql56-server: Update to 5.6.46 (< 5.6.46 is vulnerable to many CVE's)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Jochen Neumeister
URL: https://dev.mysql.com/doc/relnotes/my...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2019-11-11 02:23 UTC by tech-lists
Modified: 2020-01-20 11:28 UTC

See Also:
bugzilla: maintainer-feedback? (mmokhi)
koobs: merge-quarterly?

Description tech-lists 2019-11-11 02:23:40 UTC
Hi,

The latest mysql56-server in ports is 5.6.45 which is vulnerable.
https://vuxml.freebsd.org/freebsd/fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf.html
Comment 1 tech-lists 2019-11-27 16:42:27 UTC
Is this going to be EoL'd?

I don't see any notification for mysql56 on https://www.mysql.com/support/eol-notice.html
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2019-12-04 05:46:44 UTC
I see no reference to a security issue in 5.6.46 release notes [1]

[1] https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-46.html

However, they are mentioned in a reference in the VuXML entry:

https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixMSQL

@Mahdi Could you prioritize this update? These vulnerabilities were announced October 2019

Note: VuXML entry added 02 Nov 2019 in ports r516329
Comment 3 Jochen Neumeister freebsd_committer 2019-12-05 18:14:01 UTC
Hello,
the maintainer is unfortunately very busy at the moment, and I am currently taking over his work with his approval.
Comment 4 Jochen Neumeister freebsd_committer 2020-01-20 11:28:56 UTC
landed in r521874