| Summary: | <dev-db/mysql-5.1.53: Several vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mysql-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 344031, 347796 | | |
| Bug Blocks: | | | |

Description
Hanno Böck
2010-11-10 22:14:11 UTC

Fun.
I'm working on an 5.1.52-r1 for the hardened users still, and we can stabilize that.

I've added a depend on the bug tracking the TEXTRELs on x86.

(In reply to comment #1)
> Fun.
> I'm working on an 5.1.52-r1 for the hardened users still, and we can stabilize
> that.

I see in bug 344031 that 5.1.52-r1 and 5.1.53 are working for hardened users. Can we stabilize one of these to get these security fixes? And if so, which one? Thank you.

No, not yet unfortunately. The TEXTREL fix broke the build on certain multilib setups.

underling: I intend to ask for this stable in 1 week.

@robbat2, shall we move forward with stabilization of 5.1.52-r1?

(In reply to comment #6)
> @robbat2, shall we move forward with stabilization of 5.1.52-r1?

The stablereq target is 5.1.56, nothing earlier.

(In reply to comment #7)
> The stablereq target is 5.1.56, nothing earlier.

Ok, great, thanks.

For our future reference, 5.1.56 also includes this security fix (first fixed in 5.1.53):

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-53.html

InnoDB Storage Engine: Security Fix: A failed CREATE TABLE statement for an InnoDB table could allocate memory that was never freed. (Bug #56947)

Arches, please test and mark stable:
=dev-db/mysql-5.1.56
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

x86 stable. thanks

posted bug 366289 and bug 366291

(In reply to comment #10)
> posted bug 366289 and bug 366291

anyway works for me.

To clarify:

1. As usual, the test instructions are included in the ebuild

    # Official test instructions:
    # USE='berkdb -cluster embedded extraengine perl ssl community' \
    # FEATURES='test userpriv -usersandbox' \
    # ebuild mysql-X.X.XX.ebuild \
    # digest clean package

2. The warning about unused configure flags is a long-standing false positive from upstream's nested unrelated configure scripts.

3. The dodoc is fixed per bug #366289.

amd64 done

amd64. used recommended use flags etc. Longest test suite so far. emerged ok.
seems done

arm stable

Stable for HPPA.

ia64/ppc/ppc64 stable

alpha/s390/sh/sparc stable

Thanks, folks. GLSA Vote: Yes (with other MySQL bugs)

Vote: YES. Added to pending GLSA request.

This issue was resolved and addressed in GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml by GLSA coordinator Tim Sammut (underling).