Summary: | GLSA Alert (200708-10, 200804-04, 200711-25) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | myacoubi |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | mysql-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
myacoubi
2008-07-23 08:27:04 UTC
As hinted in red letters, "Gentoo Bugzilla" is not the correct product to file bugs regarding ebuilds. Please use "New -> Gentoo Linux -> Component: Ebuilds" or New -> Gentoo Security for security issues in future. Iirc, MySQL 4.x isn't really supported anymore. Maybe time to mask all 4.x ebuilds. (In reply to comment #0) > > These GLSA we alert a security problem for versions below 5.0, while versions > dev-db/mysql-4.0.27-r1 and dev-db/mysql-4.1.22-r1 are not subject to various > faults . > You sure of that? For example, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780 links to http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html, saying that it was fixed in 4.1.24... (In reply to comment #2) > (In reply to comment #0) > > > > These GLSA we alert a security problem for versions below 5.0, while versions > > dev-db/mysql-4.0.27-r1 and dev-db/mysql-4.1.22-r1 are not subject to various > > faults . > > > You sure of that? > For example, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780 links > to http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html, saying that it was > fixed in 4.1.24... > Well, I'm closing as INVALID, feel free to reopen if you can prove that 4.0.27 and 4.1.22 really are not vulnerable. |