Bug 158039 - glsa-check flags GLSA 200606-13 for dev-db/mysql-4.1.22
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Reported: 2006-12-13 08:50 UTC by Neil Bothwick
Modified: 2006-12-13 12:17 UTC
Description Neil Bothwick 2006-12-13 08:50:45 UTC
# glsa-check -t all
This system is affected by the following GLSAs:
200606-13

# glsa-check -d 200606-13

                   GLSA 200606-13:
MySQL: SQL Injection
============================================================================
Synopsis:          MySQL is vulnerable to an SQL Injection flaw in the
                   multi-byte encoding process.
Announced on:      June 11, 2006
Last revised on:   August 05, 2006: 03

Affected package:  dev-db/mysql
Affected archs:    All
Vulnerable:        <5.0.22
Unaffected:        >=5.0.22 >=~4.1.20 >=~4.1.21 <4.1


# emerge -pv dev-db/mysql

[ebuild   R   ] dev-db/mysql-4.1.22  USE="berkdb -big-tables -cluster -debug -embedded -extraengine -latin1 -minimal perl -raid (-selinux) -srvdir ssl -static" 0 kB


As you can see, the GLSA says mysql 4.1.22 is safe, yet glsa-check says my system is affected.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2006-12-13 11:56:11 UTC
I updated the GLSA to include 4.1.22 as unaffected, thanks for notifying us. Unfortunately this can't be circumvented due to issues kinda discussed in bug 106677.
Comment 2 Neil Bothwick 2006-12-13 12:17:38 UTC
Understood.
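
Why 4.1.22 is flagged in the description above, as an added example (not part of the bug report and not glsa-check's own code): a simplified Python model of GLSA range matching. It assumes that `~` ranges such as `>=~4.1.21` match only revisions of that exact version, and that versions are plain dotted numbers with an optional -rN suffix; all function names are hypothetical.

```python
import re

# Range strings copied from the `glsa-check -d 200606-13` output in the description.
VULNERABLE = ["<5.0.22"]
UNAFFECTED = [">=5.0.22", ">=~4.1.20", ">=~4.1.21", "<4.1"]

_OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, "=": lambda c: c == 0,
        ">=": lambda c: c >= 0, ">": lambda c: c > 0}

def parse(version):
    """Split '4.1.21-r1' into ((4, 1, 21), 1). Simplified: digits and -rN only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def matches(installed, spec):
    """Return True if `installed` falls inside one range string such as '>=~4.1.21'."""
    m = re.fullmatch(r"(<=|>=|<|>|=)(~?)(.+)", spec)
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    op, revision_only, target = m.groups()
    (i_ver, i_rev), (t_ver, t_rev) = parse(installed), parse(target)
    if revision_only:
        # Assumed '~' semantics: the upstream version must be identical,
        # and the operator is applied to the -rN revision alone.
        if i_ver != t_ver:
            return False
        left, right = i_rev, t_rev
    else:
        left, right = (i_ver, i_rev), (t_ver, t_rev)
    return _OPS[op]((left > right) - (left < right))

def is_affected(installed, vulnerable=VULNERABLE, unaffected=UNAFFECTED):
    """Affected = inside a vulnerable range and inside no unaffected range."""
    if any(matches(installed, s) for s in unaffected):
        return False
    return any(matches(installed, s) for s in vulnerable)

if __name__ == "__main__":
    for v in ("4.0.27", "4.1.20", "4.1.21-r1", "4.1.22", "5.0.21", "5.0.22"):
        print(f"mysql-{v}: {'affected' if is_affected(v) else 'not affected'}")
```

Appending a range that covers 4.1.22 to the unaffected list, as comment 1 describes, clears the flag in this model; the exact string added to the GLSA is not shown on the page, so `>=~4.1.22` is an assumed form.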