766339 – (CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122) <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)

Bug 766339 (CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122) - <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)

Summary: <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)

Status:	RESOLVED FIXED

Alias:	CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.oracle.com/security-alert...
Whiteboard:	B3 [glsa+ cve]
Keywords:

Depends on:	789243
Blocks:
	Show dependency tree

Reported:	2021-01-21 02:57 UTC by John Helmert III
Modified:	2021-05-26 09:52 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	dev-db/mysql-5.7.33 dev-db/mysql-8.0.23
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-01-21 02:57:23 UTC

Numerous vulnerabilities for MySQL were released in their January
2021 CPU, not all of which are fixed in the versions in tree, so please bump.

Comment 1 Larry the Git Cow gentoo-dev

2021-01-21 22:32:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83a86eee469fdc6c81ce73e5a39e0a66f5309753

commit 83a86eee469fdc6c81ce73e5a39e0a66f5309753
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-01-21 21:14:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-01-21 22:32:10 +0000

    dev-db/mysql: bump to v8.0.23
    
    Closes: https://bugs.gentoo.org/763960
    Bug: https://bugs.gentoo.org/766339
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-8.0.23.ebuild | 1159 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1161 insertions(+)

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-01 15:22:24 UTC

@ arches,

please test and mark stable:

=dev-db/mysql-5.7.33 amd64 arm arm64 ia64 ppc ppc64 x86
=dev-db/mysql-8.0.23 amd64 arm arm64 ia64 ppc ppc64 x86


# Official test instructions:
ulimit -n 16500 && \
USE='perl server' \
FEATURES='test userpriv -usersandbox' \
ebuild mysql-X.X.XX.ebuild \
digest clean package

Note: <mysql-8 will need USE=latin1 for tests!

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-03 23:56:08 UTC

x86 stable

Comment 4 Mikle Kolyada (RETIRED) archtester

2021-02-26 08:50:11 UTC

amd64 stable

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2021-05-09 23:58:13 UTC

Superseded by bug 789243.

Comment 6 NATTkA bot gentoo-dev

2021-05-10 00:00:34 UTC

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev

2021-05-24 18:07:58 UTC

Added to an existing GLSA request.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2021-05-26 09:52:30 UTC

This issue was resolved and addressed in
 GLSA 202105-27 at https://security.gentoo.org/glsa/202105-27
by GLSA coordinator Thomas Deutschmann (whissi).