Problem alert GLSA: 200708-10 200804-04 200711-25 These GLSA we alert a security problem for versions below 5.0, while versions dev-db/mysql-4.0.27-r1 and dev-db/mysql-4.1.22-r1 are not subject to various faults . Reproducible: Always Steps to Reproduce: 1.glsa-check -d 200708-10 2.glsa-check -d 200711-25 3.glsa-check -d 200804-04
As hinted in red letters, "Gentoo Bugzilla" is not the correct product to file bugs regarding ebuilds. Please use "New -> Gentoo Linux -> Component: Ebuilds" or New -> Gentoo Security for security issues in future. Iirc, MySQL 4.x isn't really supported anymore. Maybe time to mask all 4.x ebuilds.
(In reply to comment #0) > > These GLSA we alert a security problem for versions below 5.0, while versions > dev-db/mysql-4.0.27-r1 and dev-db/mysql-4.1.22-r1 are not subject to various > faults . > You sure of that? For example, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780 links to http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html, saying that it was fixed in 4.1.24...
(In reply to comment #2) > (In reply to comment #0) > > > > These GLSA we alert a security problem for versions below 5.0, while versions > > dev-db/mysql-4.0.27-r1 and dev-db/mysql-4.1.22-r1 are not subject to various > > faults . > > > You sure of that? > For example, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780 links > to http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html, saying that it was > fixed in 4.1.24... > Well, I'm closing as INVALID, feel free to reopen if you can prove that 4.0.27 and 4.1.22 really are not vulnerable.