Bug 627486 - <dev-db/mariadb-{10.0.32,10.1.26}: multiple vulnerabilities (CPU JUL 2017) (CVE-2017-{3636,3641,3651,3653})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://mariadb.com/kb/en/mariadb/sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-10 20:14 UTC by Brian Evans (RETIRED)
Modified: 2018-11-25 01:02 UTC

See Also:
Package list:
dev-db/mariadb-10.0.32-r1 dev-db/mariadb-10.1.26-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Brian Evans (RETIRED) gentoo-dev 2017-08-10 20:14:47 UTC
The following vulnerabilities listed in Oracle's CPU JUL 2017 release were fixed by these MariaDB versions:

CVE-2017-3653: MariaDB 5.5.57, MariaDB 10.1.26, MariaDB 10.0.32
CVE-2017-3651: MariaDB 5.5.53, MariaDB 10.1.19, MariaDB 10.0.28
CVE-2017-3641: MariaDB 5.5.57, MariaDB 10.1.26, MariaDB 10.0.32
CVE-2017-3636: MariaDB 5.5.57, MariaDB 10.1.26, MariaDB 10.0.32
Comment 1 Brian Evans (RETIRED) gentoo-dev 2017-08-12 02:07:33 UTC
@ Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource-starved machines (each test thread can spawn up to 4 server instances).

Target keywords:
=dev-db/mariadb-10.0.32 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
=dev-db/mariadb-10.1.26 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86


# Official test instructions:
# USE='embedded extraengine perl server openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.32.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2017-08-12 13:42:53 UTC
ia64 stable
Comment 3 Markus Meier gentoo-dev 2017-08-23 04:59:54 UTC
arm stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-25 21:17:59 UTC
amd64 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2017-09-04 12:21:59 UTC
Stable on alpha.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2017-09-10 22:18:55 UTC
sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-23 13:35:34 UTC
x86 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-24 19:44:11 UTC
ppc64 stable
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2017-10-02 04:48:41 UTC
hppa / ppc / sparc - Please complete stabilization; we are way past the 20-day timeline.
Comment 10 Rolf Eike Beer archtester 2017-11-16 19:05:43 UTC
Obsoleted by 637580.

Just a note: sparc had SIGBUS during test phase, will report if issue persists with new version.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-16 19:16:43 UTC
Superseded by bug 637580.