Bug 729770 (CVE-2020-13249)

Summary: <dev-db/mariadb-connector-c-3.1.8: Improper packet validation (CVE-2020-13249)
Product: Gentoo Security Reporter: Sam James <sam>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: mysql-bugs
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
=dev-db/mariadb-connector-c-3.1.9
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 20:08:26 UTC
Description:
"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle."
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-26 21:01:30 UTC
We will go with latest version already.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-27 20:51:13 UTC
arm64 stable
Comment 3 Rolf Eike Beer archtester 2020-06-28 08:39:24 UTC
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-06-28 20:29:10 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-28 20:29:25 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-06-28 20:31:27 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-06-28 20:38:31 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-28 20:41:29 UTC
s390 stable
Comment 9 Rolf Eike Beer archtester 2020-06-29 20:56:16 UTC
hppa stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 00:04:33 UTC
Please cleanup.
Comment 11 Larry the Git Cow gentoo-dev 2020-07-26 02:05:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3ab991c7c6bbfd1d9b5861352b1581ef6d58de0

commit c3ab991c7c6bbfd1d9b5861352b1581ef6d58de0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-07-26 02:05:35 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-07-26 02:05:35 +0000

    dev-db/mariadb-connector-c: security cleanup
    
    Bug: https://bugs.gentoo.org/729770
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb-connector-c/Manifest                |  3 -
 .../mariadb-connector-c-3.1.6.ebuild               | 88 ----------------------
 .../mariadb-connector-c-3.1.7.ebuild               | 88 ----------------------
 .../mariadb-connector-c-3.1.8.ebuild               | 88 ----------------------
 4 files changed, 267 deletions(-)