Summary: | <dev-db/mysql-{5.7.35,8.0.26}: multiple vulnerabilities (Oracle CPU July 2021) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | mysql-bugs |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=831442 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: |
dev-db/mysql-5.7.35 *
dev-db/mysql-8.0.26 *
|
Runtime testing required: | --- |
Bug Depends on: | 822258 | ||
Bug Blocks: | 789243 |
Description
John Helmert III
2021-07-24 03:49:39 UTC
5.7.34 and 8.0.25 are also VULNERABLE. These are latest versions in portage tree. When will 8.0.26 be available in portage tree? https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. (In reply to Dyweni from comment #1) > 5.7.34 and 8.0.25 are also VULNERABLE. These are latest versions in portage > tree. You're right. I apologize, I misread the advisory. > When will 8.0.26 be available in portage tree? > > https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL At the maintainers' discretion. Ping maintainers. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f553ed43f06adafeced3319de88fba36e2c33f4 commit 4f553ed43f06adafeced3319de88fba36e2c33f4 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2021-08-04 18:48:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-08-04 19:13:11 +0000 dev-db/mysql-connector-c: bump to v8.0.26 Bug: https://bugs.gentoo.org/803620 Package-Manager: Portage-3.0.21, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-db/mysql-connector-c/Manifest | 1 + .../mysql-connector-c-8.0.26.ebuild | 122 +++++++++++++++++++++ 2 files changed, 123 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8652d56a13d1a5ac26c7528eed5780fcba9afced commit 8652d56a13d1a5ac26c7528eed5780fcba9afced Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2021-08-04 18:42:07 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-08-04 19:12:46 +0000 dev-db/mysql: bump to v5.7.35 Bug: https://bugs.gentoo.org/803620 Package-Manager: Portage-3.0.21, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-db/mysql/Manifest | 2 + dev-db/mysql/mysql-5.7.35.ebuild | 1294 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 1296 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0bc90c1b7143893443fb83bb1e2d66dc24859b0 commit a0bc90c1b7143893443fb83bb1e2d66dc24859b0 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2021-08-04 15:30:26 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-08-04 19:12:24 +0000 dev-db/mysql: bump to v8.0.26 Bug: https://bugs.gentoo.org/803620 Package-Manager: Portage-3.0.21, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-db/mysql/Manifest | 2 + dev-db/mysql/mysql-8.0.26.ebuild | 1228 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 1230 insertions(+) Still waiting on stabling in bug 789252 for the last CPU, so not sure how best to proceed here. Unable to check for sanity:
> dependent bug #789243 is missing keywords
All sanity-check issues have been resolved Unable to check for sanity:
> dependent bug #822258 is missing keywords
All sanity-check issues have been resolved |