Bug 616486 (CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600) - <dev-db/mysql-5.6.36: multiple vulnerabilities (CPU Apr 2017)
Summary: <dev-db/mysql-5.6.36: multiple vulnerabilities (CPU Apr 2017)
Status: RESOLVED FIXED
Alias: CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: CVE-2017-3633, CVE-2017-3634, CVE-2017-3637, CVE-2017-3647, CVE-2017-3649
Blocks: 627892
Reported: 2017-04-24 11:54 UTC by Agostino Sarubbo
Modified: 2018-02-20 00:59 UTC

See Also:
Package list:
=dev-db/mysql-5.6.36
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-04-24 11:54:11 UTC
Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Brian Evans (RETIRED) gentoo-dev 2017-05-08 17:53:13 UTC
@ Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource-starved machines (each test thread can spawn up to 4 server instances).

Target keywords:
=dev-db/mysql-5.6.36 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='server embedded extraengine perl openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-5.6.36.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-05-09 05:46:34 UTC
Brian, does the stabilization cover the blocking bug, or should we split them up? (if it does we will just this one to be blocker).
Comment 3 Brian Evans (RETIRED) gentoo-dev 2017-05-09 12:25:28 UTC
(In reply to Yury German from comment #2)
> Brian, does the stabilization cover the blocking bug, or should we split
> them up? (if it does we will just this one to be blocker).

Yes, according to the Oracle advisory link, CVE-2017-3305 affects <=5.5.55 and <=5.6.35
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2017-05-10 10:53:52 UTC
Stable for HPPA.
Comment 5 Markus Meier gentoo-dev 2017-05-13 06:26:03 UTC
arm stable
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-05-15 11:21:41 UTC
ppc ppc64 stable.
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-05-22 17:32:32 UTC
Stable on alpha.
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-25 10:26:06 UTC
ia64 stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-16 09:41:15 UTC
Stable on amd64.
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2017-08-15 04:45:20 UTC
Finishing stabilization in bug #625626
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2018-02-20 00:59:54 UTC
This issue was resolved and addressed in
 GLSA 201802-04 at https://security.gentoo.org/glsa/201802-04
by GLSA coordinator Thomas Deutschmann (whissi).