Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 766339 (CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122)

Summary: <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
dev-db/mysql-5.7.33 dev-db/mysql-8.0.23
Runtime testing required: ---
Bug Depends on: 789243    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-01-21 02:57:23 UTC
Numerous vulnerabilities for MySQL were released in their January
2021 CPU, not all of which are fixed in the versions in tree, so please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-01-21 22:32:24 UTC
The bug has been referenced in the following commit(s):

commit 83a86eee469fdc6c81ce73e5a39e0a66f5309753
Author:     Thomas Deutschmann <>
AuthorDate: 2021-01-21 21:14:54 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2021-01-21 22:32:10 +0000

    dev-db/mysql: bump to v8.0.23
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-8.0.23.ebuild | 1159 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1161 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-01 15:22:24 UTC
@ arches,

please test and mark stable:

=dev-db/mysql-5.7.33 amd64 arm arm64 ia64 ppc ppc64 x86
=dev-db/mysql-8.0.23 amd64 arm arm64 ia64 ppc ppc64 x86

# Official test instructions:
ulimit -n 16500 && \
USE='perl server' \
FEATURES='test userpriv -usersandbox' \
ebuild mysql-X.X.XX.ebuild \
digest clean package

Note: <mysql-8 will need USE=latin1 for tests!
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-03 23:56:08 UTC
x86 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-02-26 08:50:11 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-09 23:58:13 UTC
Superseded by bug 789243.
Comment 6 NATTkA bot gentoo-dev 2021-05-10 00:00:34 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 18:07:58 UTC
Added to an existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:52:30 UTC
This issue was resolved and addressed in
 GLSA 202105-27 at
by GLSA coordinator Thomas Deutschmann (whissi).