
Bug 789243

Summary: <dev-db/mysql-{5.7.34,8.0.24}: multiple vulnerabilities (CPU April 2021)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mysql-bugs
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=786402
Whiteboard: B3 [glsa+ cve]
Package list:
dev-db/mysql-5.7.34 dev-db/mysql-8.0.25
Runtime testing required: ---
Bug Depends on: 761715, 803620, 822258    
Bug Blocks: 766339, 789237, 789255    

Description GLSAMaker/CVETool Bot gentoo-dev 2021-05-09 23:36:54 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-09 23:57:41 UTC
@ arches,

please test and mark stable:

=dev-db/mysql-5.7.34 amd64 arm arm64 ia64 ppc ppc64 x86
=dev-db/mysql-8.0.24 amd64 arm arm64 ia64 ppc ppc64 x86


# Official test instructions:
ulimit -n 16500 && \
USE='perl server' \
FEATURES='test userpriv -usersandbox' \
ebuild mysql-X.X.XX.ebuild \
digest clean package

Note: <mysql-8 will need USE=latin1 for tests!
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-10 00:01:21 UTC
Freeing alias for tracker bug creation.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-12 14:21:41 UTC
Stopping stabilization, incoming 8.0.25 which fixes a regression caused by 8.0.24.
Comment 4 NATTkA bot gentoo-dev 2021-05-12 14:24:20 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-05-12 15:40:24 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-05-12 15:44:24 UTC Comment hidden (obsolete)
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 01:19:51 UTC
x86 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 01:20:02 UTC
x86 stable
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 18:08:35 UTC
Added to an existing GLSA request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:52:33 UTC
This issue was resolved and addressed in
 GLSA 202105-27 at https://security.gentoo.org/glsa/202105-27
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 09:53:16 UTC
Re-opening for remaining architectures.
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-06 18:02:25 UTC
amd64 done
Comment 13 Andreas K. Hüttel archtester gentoo-dev 2021-09-20 19:28:34 UTC
@arches: ping
Comment 14 Andreas K. Hüttel archtester gentoo-dev 2021-09-27 19:03:52 UTC
@arches: ping
Comment 15 Andreas K. Hüttel archtester gentoo-dev 2021-10-05 23:03:39 UTC
@arches: ping, anyone alive out there?
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-12 00:09:57 UTC
arm64 done
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-14 09:44:44 UTC
arm done
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-16 02:44:58 UTC
ppc64 done
Comment 19 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-16 02:45:23 UTC
ppc done

all arches done
Comment 20 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-16 02:45:53 UTC
(In reply to Sam James from comment #19)
> ppc done
> 
> all arches done

Stabled 5.x but can't do 8.x due to bug 761715.
Comment 21 NATTkA bot gentoo-dev 2021-10-16 02:48:46 UTC
Keywords are not fully specified and arches are not CC-ed for the following packages:

- =dev-db/mysql-8.0.25
Comment 22 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 23:05:00 UTC
Stabilized and cleaned up a while ago, all done!