Summary: | <dev-java/jdbc-mysql-8.0.32: vulnerability can result in takeover of MySQL Connectors (Oracle CPU January 2022) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Volkmar W. Pogatzki <gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/30300 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 902799 | ||
Bug Blocks: |
Description
Volkmar W. Pogatzki
2022-07-30 12:12:53 UTC
Thanks! Modifying summary to indicate there's not a fixed version in tree yet. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbd9abcca9642479b29ba88ab284a4d15040eaba commit dbd9abcca9642479b29ba88ab284a4d15040eaba Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2022-06-24 08:48:53 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2023-03-23 06:48:03 +0000 dev-java/jdbc-mysql: add 8.0.32 - CVE-2022-21363 Bug: https://bugs.gentoo.org/862339 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/30300 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/jdbc-mysql/Manifest | 2 + dev-java/jdbc-mysql/jdbc-mysql-8.0.32.ebuild | 56 ++++++++++++++++++++++++++++ dev-java/jdbc-mysql/metadata.xml | 3 ++ 3 files changed, 61 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8ffd7478dcaa4b42789c3c0d02f807000548d46 commit a8ffd7478dcaa4b42789c3c0d02f807000548d46 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2023-03-23 11:00:32 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2023-03-23 11:00:32 +0000 dev-java/jdbc-mysql: dropped obsolete and vulnerable 8.0.26 Bug: https://bugs.gentoo.org/862339 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/jdbc-mysql/Manifest | 1 - dev-java/jdbc-mysql/jdbc-mysql-8.0.26.ebuild | 54 ---------------------------- 2 files changed, 55 deletions(-) the tree is clean now, you can proceed. Thanks! Difficult to exploit so no GLSA. All done! |