
Bug 750776

Summary: dev-db/mysql-cluster: Memory corruption in bundled JS module (CVE-2020-8174)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: mysql-bugs
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 834113    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-23 04:03:24 UTC
Oracle's October 2020 Security Advisory states that mysql-cluster is vulnerable to CVE-2020-8174:

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

The advisory lists <7.3.30, <7.4.29, <7.6.15, and <8.0.21 as affected. Please bump.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-24 22:56:07 UTC
ping
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:25:39 UTC
Package list is empty or all packages have requested keywords.
Comment 3 Larry the Git Cow gentoo-dev 2022-03-11 14:44:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efc70d2d8a5e6eb1d891faa922ebc513e422a896

commit efc70d2d8a5e6eb1d891faa922ebc513e422a896
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-11 14:43:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-11 14:44:17 +0000

    profiles: last-rite dev-db/mysql-cluster
    
    Bug: https://bugs.gentoo.org/834113
    Bug: https://bugs.gentoo.org/638856
    Bug: https://bugs.gentoo.org/675986
    Bug: https://bugs.gentoo.org/693564
    Bug: https://bugs.gentoo.org/741548
    Bug: https://bugs.gentoo.org/746710
    Bug: https://bugs.gentoo.org/750776
    Bug: https://bugs.gentoo.org/781281
    Bug: https://bugs.gentoo.org/801697
    Bug: https://bugs.gentoo.org/805521
    Bug: https://bugs.gentoo.org/819660
    Bug: https://bugs.gentoo.org/829342
    Bug: https://bugs.gentoo.org/831445
    Bug: https://bugs.gentoo.org/833523
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2022-04-13 05:55:12 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09e310df2857835d3298359785d695c5fb9d60ee

commit 09e310df2857835d3298359785d695c5fb9d60ee
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-13 05:51:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-13 05:54:57 +0000

    dev-db/mysql-cluster: treeclean
    
    Closes: https://bugs.gentoo.org/834113
    Closes: https://bugs.gentoo.org/829342
    Closes: https://bugs.gentoo.org/833523
    Closes: https://bugs.gentoo.org/693564
    Closes: https://bugs.gentoo.org/741548
    Closes: https://bugs.gentoo.org/746710
    Closes: https://bugs.gentoo.org/781281
    Closes: https://bugs.gentoo.org/638856
    Closes: https://bugs.gentoo.org/675986
    Closes: https://bugs.gentoo.org/831445
    Closes: https://bugs.gentoo.org/750776
    Closes: https://bugs.gentoo.org/801697
    Closes: https://bugs.gentoo.org/805521
    Bug: https://bugs.gentoo.org/819660
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mysql-cluster/Manifest                    |   2 -
 dev-db/mysql-cluster/files/my.cnf-5.6            | 139 ----
 dev-db/mysql-cluster/metadata.xml                |  19 -
 dev-db/mysql-cluster/mysql-cluster-7.4.21.ebuild | 811 -----------------------
 4 files changed, 971 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-13 05:56:10 UTC
Removed.