Comment 1 Brian Evans (RETIRED) 2015-04-16 13:01:27 UTC

Arches, please test and mark stable.

Target keywords:
dev-db/mysql-5.6.24 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl ssl static-libs community' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-5.6.24.ebuild \
# digest clean package

Parallel testing is on by default and can be set with MTR_PARALLEL=x (default is attempted to be num cpus/cores as read by perl via /proc/cpuinfo) up to MTR_MAX_PARALLEL=x (default 8).  These may be set as additional environment variables to the above command.

Comment 2 GLSAMaker/CVETool Bot 2015-04-17 04:33:19 UTC

CVE-2015-2573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2573):
  Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and
  5.6.22 and earlier, allows remote authenticated users to affect availability
  via vectors related to DDL.

CVE-2015-2571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2571):
  Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and
  5.6.23 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : Optimizer.

CVE-2015-2568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2568):
  Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and
  5.6.22 and earlier, allows remote attackers to affect availability via
  unknown vectors related to Server : Security : Privileges.

CVE-2015-2567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2567):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : Security : Privileges.

CVE-2015-2566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2566):
  Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows
  remote authenticated users to affect availability via vectors related to
  DML.

CVE-2015-0511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0511):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : SP.

CVE-2015-0508 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0508):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : InnoDB, a different vulnerability than CVE-2015-0506.

CVE-2015-0507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0507):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : Memcached.

CVE-2015-0506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0506):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to InnoDB, a different vulnerability than CVE-2015-0508.

CVE-2015-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0505):
  Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and
  5.6.23 and earlier, allows remote authenticated users to affect availability
  via vectors related to DDL.

CVE-2015-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0503):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : Partition.

CVE-2015-0501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0501):
  Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and
  5.6.23 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : Compiling.

CVE-2015-0500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0500):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors.

CVE-2015-0499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0499):
  Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and
  5.6.23 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : Federated.

CVE-2015-0498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0498):
  Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Replication.

CVE-2015-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0441):
  Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and
  5.6.22 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : Security : Encryption.

CVE-2015-0439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0439):
  Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : InnoDB.

CVE-2015-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0438):
  Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Server : Partition.

CVE-2015-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0433):
  Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and
  5.6.22 and earlier, allows remote authenticated users to affect availability
  via vectors related to InnoDB : DML.

CVE-2015-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0423):
  Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to Optimizer.

CVE-2015-0405 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0405):
  Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows
  remote authenticated users to affect availability via unknown vectors
  related to XA.

Comment 3 Agostino Sarubbo 2015-04-17 07:08:13 UTC

amd64 stable

Comment 4 Agostino Sarubbo 2015-04-17 07:08:27 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2015-04-17 17:02:36 UTC

Stable for HPPA.

Comment 6 Jeroen Roovers (RETIRED) 2015-04-22 03:53:21 UTC

Stable for PPC64.

Comment 7 Mikle Kolyada (RETIRED) 2015-04-24 21:27:28 UTC

sparc stable

Comment 8 Agostino Sarubbo 2015-04-28 07:30:00 UTC

alpha stable

Comment 9 Agostino Sarubbo 2015-04-28 07:46:47 UTC

ia64 stable

Comment 10 Agostino Sarubbo 2015-04-29 09:13:50 UTC

ppc stable

Comment 11 Agostino Sarubbo 2015-05-27 13:06:22 UTC

arm stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 12 Brian Evans (RETIRED) 2015-05-27 16:30:00 UTC

Cleanup done.

--- ./ChangeLog
+++ ./ChangeLog
@@ -4,0 +5,4 @@
+  27 May 2015; Brian Evans <grknight@gentoo.org> -mysql-5.5.42.ebuild,
+  -mysql-5.6.22.ebuild, -mysql-5.6.23.ebuild:
+  Drop vulnerable versions for security bug 546722

Comment 13 Yury German 2015-05-28 19:02:36 UTC

Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

Comment 14 GLSAMaker/CVETool Bot 2015-07-10 13:27:58 UTC

This issue was resolved and addressed in
 GLSA 201507-19 at https://security.gentoo.org/glsa/201507-19
by GLSA coordinator Mikle Kolyada (Zlogene).