Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 564442 (CVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913)

Summary: <dev-db/mariadb-{5.5.46,10.0.22,10.1.8}: multiple vulnerabilities (CVE-2015-{4792,4802,4807,4815,4816,4819,4826,4830,4836,4858,4861,4866,4870,4879,4895,4913})
Product: Gentoo Security Reporter: Brian Evans <grknight>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://mariadb.com/kb/en/mariadb/security/
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description Brian Evans Gentoo Infrastructure gentoo-dev 2015-10-29 17:58:39 UTC
From $URL:

Full List of CVEs fixed in MariaDB

CVE-2015-4913: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4895: MariaDB 10.1.8, MariaDB 10.0.21
CVE-2015-4879: MariaDB 5.5.45, MariaDB 10.1.8, MariaDB 10.0.21
CVE-2015-4870: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4866: MariaDB 10.1.8, MariaDB 10.0.18
CVE-2015-4861: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4858: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4836: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4830: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4826: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4819: MariaDB 5.5.45, MariaDB 10.1.8, MariaDB 10.0.21
CVE-2015-4816: MariaDB 5.5.45, MariaDB 10.1.8, MariaDB 10.0.21
CVE-2015-4815: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4807: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4802: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
CVE-2015-4792: MariaDB 5.5.46, MariaDB 10.1.8, MariaDB 10.0.22
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2015-11-04 21:46:02 UTC
Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mariadb-10.0.22 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.22.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Agostino Sarubbo gentoo-dev 2015-11-05 10:07:03 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-11-05 10:08:02 UTC
x86 stable
Comment 4 Jeroen Roovers gentoo-dev 2015-11-06 05:33:48 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers gentoo-dev 2015-11-08 06:09:17 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2015-11-09 08:54:27 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-11-18 09:57:00 UTC
ia64 stable
Comment 8 Markus Meier gentoo-dev 2015-11-21 14:20:03 UTC
arm stable
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-12-25 20:03:14 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-01-10 11:22:38 UTC
alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Brian Evans Gentoo Infrastructure gentoo-dev 2016-01-10 14:30:09 UTC
Cleanup complete
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-23 02:01:29 UTC
Added to existing GLSA.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-10-11 13:45:32 UTC
This issue was resolved and addressed in
 GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06
by GLSA coordinator Aaron Bauman (b-man).