Bug 803620

Summary:	<dev-db/mysql-{5.7.35,8.0.26}: multiple vulnerabilities (Oracle CPU July 2021)
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	minor	CC:	mysql-bugs
Priority:	Normal	Flags:	nattka: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=831442
Whiteboard:	B3 [glsa?]
Package list:	dev-db/mysql-5.7.35 * dev-db/mysql-8.0.26 *	Runtime testing required:	---
Bug Depends on:	822258
Bug Blocks:	789243

Description John Helmert III archtester

2021-07-24 03:49:39 UTC

Details at tracker.

Comment 1 Dyweni 2021-07-29 14:27:46 UTC

5.7.34 and 8.0.25 are also VULNERABLE.  These are latest versions in portage tree.

When will 8.0.26 be available in portage tree?

https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:20:26 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:28:28 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:36:28 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:44:31 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:52:35 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 17:56:30 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:00:29 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 9 NATTkA bot gentoo-dev

2021-07-29 18:08:47 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 10 John Helmert III archtester

2021-08-02 19:33:14 UTC

(In reply to Dyweni from comment #1)
> 5.7.34 and 8.0.25 are also VULNERABLE.  These are latest versions in portage
> tree.

You're right. I apologize, I misread the advisory.

> When will 8.0.26 be available in portage tree?
> 
> https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL

At the maintainers' discretion.

Ping maintainers.

Comment 11 Larry the Git Cow gentoo-dev

2021-08-04 19:13:23 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f553ed43f06adafeced3319de88fba36e2c33f4

commit 4f553ed43f06adafeced3319de88fba36e2c33f4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 18:48:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:13:11 +0000

    dev-db/mysql-connector-c: bump to v8.0.26
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql-connector-c/Manifest                  |   1 +
 .../mysql-connector-c-8.0.26.ebuild                | 122 +++++++++++++++++++++
 2 files changed, 123 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8652d56a13d1a5ac26c7528eed5780fcba9afced

commit 8652d56a13d1a5ac26c7528eed5780fcba9afced
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 18:42:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:12:46 +0000

    dev-db/mysql: bump to v5.7.35
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-5.7.35.ebuild | 1294 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1296 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0bc90c1b7143893443fb83bb1e2d66dc24859b0

commit a0bc90c1b7143893443fb83bb1e2d66dc24859b0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-04 15:30:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-04 19:12:24 +0000

    dev-db/mysql: bump to v8.0.26
    
    Bug: https://bugs.gentoo.org/803620
    Package-Manager: Portage-3.0.21, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-8.0.26.ebuild | 1228 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1230 insertions(+)

Comment 12 John Helmert III archtester

2021-08-06 21:39:41 UTC

Still waiting on stabling in bug 789252 for the last CPU, so not sure how best to proceed here.

Comment 13 NATTkA bot gentoo-dev

2021-10-16 02:48:34 UTC Comment hidden (obsolete)

Unable to check for sanity:

> dependent bug #789243 is missing keywords

Comment 14 NATTkA bot gentoo-dev

2021-12-17 06:28:48 UTC Comment hidden (obsolete)

All sanity-check issues have been resolved

Comment 15 NATTkA bot gentoo-dev

2021-12-18 18:12:52 UTC Comment hidden (obsolete)

Unable to check for sanity:

> dependent bug #822258 is missing keywords

Comment 16 NATTkA bot gentoo-dev

2021-12-18 18:20:55 UTC

All sanity-check issues have been resolved