| Summary: | <dev-db/mysql-5.0.83 dispatch_command() multiple format string vulnerabilities (CVE-2009-2446) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mysql-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 290485, 303747 | | |
| Bug Blocks: | | | |

Description
Stefan Behte (RETIRED)
2009-07-13 21:44:33 UTC
mysql: we already have 5.0.83 in tree, would it be ok to stable? The exploit did not work for us, so there seems no need to hurry.

mysql: *ping*

+1, but beware that it no longer compiles with <gcc-4. This is a show-stopper for hardened.

mysql: what is your planned timeline on this?

I answered you already that you could stable it once hardened has a stable GCC4.

I somehow misinterpreted your answer, sorry. Adding bug nr as dependency.

stabling is done currently happening in bug 290485.

stabling moved to sec bug 303747

(In reply to comment #8)
> stabling moved to sec bug 303747

All security-supported arches have done the stabilization from bug #303747. Should we make the decision about GLSA?

B2 needs a GLSA, there is nothing to decide.

This issue was resolved and addressed in GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml by GLSA coordinator Tim Sammut (underling).