Summary: | <dev-db/mysql-5.6.36: multiple vulnerabilities (CPU Apr 2017) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mysql-bugs |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: |
=dev-db/mysql-5.6.36
|
Runtime testing required: | --- |
Bug Depends on: | 625626 | ||
Bug Blocks: | 627892 |
Description
Agostino Sarubbo
2017-04-24 11:54:11 UTC
@ Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances) Target keywords: =dev-db/mysql-5.6.36 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 # Official test instructions: # USE='server embedded extraengine perl openssl static-libs' \ # FEATURES='test userpriv -usersandbox' \ # ebuild mysql-5.6.36.ebuild \ # digest clean package # Parallel testing is enabled, auto will try to detect number of cores # You may set this by hand. # The default maximum is 8 unless MTR_MAX_PARALLEL is increased export MTR_PARALLEL="${MTR_PARALLEL:-auto}" Brian, does the stabilization cover the blocking bug, or should we split them up? (if it does we will just this one to be blocker). (In reply to Yury German from comment #2) > Brian, does the stabilization cover the blocking bug, or should we split > them up? (if it does we will just this one to be blocker). Yes, according to the Oracle advisory link, CVE-2017-3305 affects <=5.5.55 and <=5.6.35 Stable for HPPA. arm stable ppc ppc64 stable. Stable on alpha. ia64 stable Stable on amd64. Finishing stabilization in bug #625626 This issue was resolved and addressed in GLSA 201802-04 at https://security.gentoo.org/glsa/201802-04 by GLSA coordinator Thomas Deutschmann (whissi). |