Summary: | <dev-db/mysql-5.5.39 : Multiple vulnerabilities (CVE-2013-{3839,5767,5770,5786,5793,5807}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/55327/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-10-16 11:05:43 UTC
CVE-2013-5807 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5807): Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. CVE-2013-5793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5793): Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-5786 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5786): Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-5770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5770): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. CVE-2013-5767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5767): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2013-3839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3839): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. I've pushed mysql-5.5.37 to the tree. We also have 5.6.17 in the overlay and 5.6 is only present in the overlay. Thanks for your work, guys. Added to existing GLSA request This issue was resolved and addressed in GLSA 201409-04 at http://security.gentoo.org/glsa/glsa-201409-04.xml by GLSA coordinator Sergey Popov (pinkbyte). |