Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 819891 (CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35537, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35602, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624, CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35629, CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637, CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35648)

Summary: <dev-db/mysql-{5.7.36,8,0,27}: multiple vulnerabilities (Oracle CPU Oct 2021)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: mysql-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.oracle.com/security-alerts/cpuoct2021.html
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 822756    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-23 21:37:10 UTC 
Omitting descriptions as Bugzilla won't take a bug description that long.

Seems like we need bumps to >5.7.35 and >8.0.26. I also noticed while
checking for curl bundledness that the package is configured with
"-DWITH_CURL=system" but doesn't specify a dependency on curl. Missing
dependency?