Summary: | <dev-db/mysql-{5.5.50,5.6.31}: Multiple vulnerabilties (CVE-2016-{3459,3477,3486,3501,3521,3614,3615,5439,5440}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bman, mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-07-20 13:29:21 UTC
=dev-db/mysql-{5.6.30, 5.5.0} are already in tree and 5.6.30 stabilized. We will assign the relevant CVE's to that bug. *** This bug has been marked as a duplicate of bug 580832 *** (In reply to Aaron Bauman from comment #1) > =dev-db/mysql-{5.6.30, 5.5.0} are already in tree and 5.6.30 stabilized. We > will assign the relevant CVE's to that bug. > > *** This bug has been marked as a duplicate of bug 580832 *** Several of the CVEs affect <=5.6.30. 5.6.31 should be the new stable target. *** Bug 589410 has been marked as a duplicate of this bug. *** Added to existing GLSA. CVE-2016-5440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5440): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5439): Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. CVE-2016-3615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3615): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. CVE-2016-3614 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3614): Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. CVE-2016-3521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3521): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. CVE-2016-3501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3501): Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. CVE-2016-3486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3486): Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. CVE-2016-3477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3477): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. CVE-2016-3459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3459): Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. @arches, please stabilize: =dev-db/mysql-5.6.31 Stable for PPC64. Stable for HPPA. Stable on alpha. arm stable amd64 stable x86 stable sparc stable ppc stable ia64 stable. Maintainer(s), please cleanup. @maintainers, please clean 5.6.31. This issue was resolved and addressed in GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06 by GLSA coordinator Aaron Bauman (b-man). Reopening for cleanup. Please cleanup the following: =dev-db/mysql-5.6.30 Cleanup complete (In reply to Brian Evans from comment #19) > Cleanup complete Thanks, Brian! |