803620 – <dev-db/mysql-{5.7.35,8.0.26}: multiple vulnerabilities (Oracle CPU July 2021)

Bug 803620 - <dev-db/mysql-{5.7.35,8.0.26}: multiple vulnerabilities (Oracle CPU July 2021)

Summary: <dev-db/mysql-{5.7.35,8.0.26}: multiple vulnerabilities (Oracle CPU July 2021)

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://www.oracle.com/security-alert...
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	822258
Blocks:	789243
	Show dependency tree

Reported:	2021-07-24 03:49 UTC by John Helmert III
Modified:	2022-03-05 18:15 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2022-21245, CVE-2022-21249, CVE-2022-21253, CVE-2022-21254, CVE-2022-21256, CVE-2022-21264, CVE-2022-21265, CVE-2022-21270, CVE-2022-21278, CVE-2022-21297, CVE-2022-21301, CVE-2022-21302, CVE-2022-21303, CVE-2022-21304, CVE-2022-21339, CVE-2022-21342, CVE-2022-21344, CVE-2022-21348, CVE-2022-21351, CVE-2022-21352, CVE-2022-21358, CVE-2022-21362, CVE-2022-21367, CVE-2022-21368, CVE-2022-21370, CVE-2022-21372, CVE-2022-21374, CVE-2022-21378, CVE-2022-21379
Package list:	dev-db/mysql-5.7.35 * dev-db/mysql-8.0.26 *
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-07-24 03:49:39 UTC

Details at tracker.

Comment 1 Dyweni 2021-07-29 14:27:46 UTC

5.7.34 and 8.0.25 are also VULNERABLE.  These are latest versions in portage tree.

When will 8.0.26 be available in portage tree?

https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:20:26 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:28:28 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:36:28 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:44:31 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:52:35 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 17:56:30 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:00:29 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 9 NATTkA bot gentoo-dev

2021-07-29 18:08:47 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 10 John Helmert III archtester

2021-08-02 19:33:14 UTC

(In reply to Dyweni from comment #1)
> 5.7.34 and 8.0.25 are also VULNERABLE.  These are latest versions in portage
> tree.

You're right. I apologize, I misread the advisory.

> When will 8.0.26 be available in portage tree?
> 
> https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL

At the maintainers' discretion.

Ping maintainers.

Comment 11 Larry the Git Cow gentoo-dev

2021-08-04 19:13:23 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f553ed43f06adafeced3319de88fba36e2c33f4

commit 4f553ed43f06adafeced3319de88fba36e2c33f4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 18:48:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:13:11 +0000

    dev-db/mysql-connector-c: bump to v8.0.26
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql-connector-c/Manifest                  |   1 +
 .../mysql-connector-c-8.0.26.ebuild                | 122 +++++++++++++++++++++
 2 files changed, 123 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8652d56a13d1a5ac26c7528eed5780fcba9afced

commit 8652d56a13d1a5ac26c7528eed5780fcba9afced
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 18:42:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:12:46 +0000

    dev-db/mysql: bump to v5.7.35
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-5.7.35.ebuild | 1294 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1296 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0bc90c1b7143893443fb83bb1e2d66dc24859b0

commit a0bc90c1b7143893443fb83bb1e2d66dc24859b0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 15:30:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:12:24 +0000

    dev-db/mysql: bump to v8.0.26
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-8.0.26.ebuild | 1228 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1230 insertions(+)

Comment 12 John Helmert III archtester

2021-08-06 21:39:41 UTC

Still waiting on stabling in bug 789252 for the last CPU, so not sure how best to proceed here.

Comment 13 NATTkA bot gentoo-dev

2021-10-16 02:48:34 UTC Comment hidden (obsolete)

Unable to check for sanity:

> dependent bug #789243 is missing keywords

Comment 14 NATTkA bot gentoo-dev

2021-12-17 06:28:48 UTC Comment hidden (obsolete)

All sanity-check issues have been resolved

Comment 15 NATTkA bot gentoo-dev

2021-12-18 18:12:52 UTC Comment hidden (obsolete)

Unable to check for sanity:

> dependent bug #822258 is missing keywords

Comment 16 NATTkA bot gentoo-dev

2021-12-18 18:20:55 UTC

All sanity-check issues have been resolved