Bug 319489 (CVE-2010-1848) - <dev-db/mysql-5.0.91: multiple vulnerabilities (CVE-2010-{1848,1849,1850})
Summary: <dev-db/mysql-5.0.91: multiple vulnerabilities (CVE-2010-{1848,1849,1850})
Status: RESOLVED FIXED
Alias: CVE-2010-1848
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://dev.mysql.com/doc/refman/5.1/e...
Whiteboard: B1 [glsa]
Reported: 2010-05-13 06:08 UTC by cilly
Modified: 2012-01-05 22:47 UTC

Attachments
Build log (mysql-5.0.91:20110103-145623.log,1.24 MB, text/plain)
2011-01-03 15:07 UTC, Agostino Sarubbo

Description cilly 2010-05-13 06:08:49 UTC
Security and bug fixes.

Ebuild request
Stable request
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2010-05-13 19:35:28 UTC
MySQL 5.0 (stable version for Gentoo) is affected also:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

please update 5.0/5.1 as soon as the new versions are out
Comment 2 Brian Evans Gentoo Infrastructure gentoo-dev 2010-05-14 15:05:46 UTC
Also affects <dev-db/mariadb-5.1.44b with respect to CVE-2010-1848.
http://askmonty.org/wiki/Manual:MariaDB_5.1.44b_Release_Notes
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-05-22 02:16:20 UTC
I have added it to the MySQL overlay; however, there is a critical breakage in 5.0.91 that makes the Archive engine completely unusable.

http://bugs.mysql.com/bug.php?id=53909
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-08-09 05:03:55 UTC
Security:
ebuild in the tree, ready for stabilization testing.
test instructions in the ebuild, same as usual for MySQL.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:35:18 UTC
(In reply to comment #4)
> Security:
> ebuild in the tree, ready for stabilization testing.
> test instructions in the ebuild, same as usual for MySQL.
> 

With 5.1.52-r1 or 5.1.53 (maybe ;) going stable in 344987, should we stabilize 5.0.91 here, or are 5.1.x good enough?
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-01-03 05:02:09 UTC
5.0.91 useful for any users that cannot upgrade to 5.1.x, so yes, it should probably go stable if possible.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-01-03 05:05:23 UTC
(In reply to comment #6)
> 5.0.91 useful for any users that cannot upgrade to 5.1.x, so yes, it should
> probably go stable if possible.
> 

Ok, thank you.

Arches, please test and mark stable:
=dev-db/mysql-5.0.91
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 8 Agostino Sarubbo gentoo-dev 2011-01-03 15:03:33 UTC
I see a conflict with virtual/mysql:

amd64box spin # emerge -av =dev-db/mysql-5.0.91

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ] dev-db/mysql-init-scripts-1.2  0 kB
[ebuild  N    ] sys-apps/ed-1.4  89 kB
[ebuild  N    ] dev-perl/Net-Daemon-0.43  28 kB
[ebuild  N    ] perl-core/Storable-2.20  0 kB
[ebuild  N    ] perl-core/File-Spec-3.31  132 kB
[ebuild  N    ] virtual/perl-Sys-Syslog-0.27  0 kB
[ebuild  N    ] virtual/perl-Storable-2.20  0 kB
[ebuild  N    ] virtual/perl-File-Spec-3.31  0 kB
[ebuild  N    ] dev-perl/PlRPC-0.2020-r1  18 kB
[ebuild  N    ] dev-perl/DBI-1.615  USE="test" 558 kB
[ebuild  N    ] dev-db/mysql-5.0.91  USE="berkdb community perl ssl test -big-tables -cluster -debug -embedded -extraengine -latin1 -max-idx-128 -minimal -profiling (-selinux) -static" 23,017 kB                    
[ebuild  N    ] virtual/mysql-5.0  0 kB
[ebuild  N    ] dev-perl/DBD-mysql-4.01.7  130 kB

Total: 13 packages (13 new), Size of downloads: 23,971 kB

!!! One or more updates have been skipped due to a dependency conflict:

dev-db/mysql:0

  (dev-db/mysql-5.1.51, ebuild scheduled for merge) conflicts with
    =dev-db/mysql-5.0.91


!!! The following update(s) have been skipped due to unsatisfied dependencies
!!! triggered by backtracking:

virtual/mysql:0

is this expected?

and:


[ .. ]
config.status: executing libtool commands
/bin/rm: cannot remove `libtoolT': No such file or directory
config.status: executing default commands
=== configuring in innobase (/tmp/portage/dev-db/mysql-5.0.91/work/mysql/innobase)

On config phase
Comment 9 Agostino Sarubbo gentoo-dev 2011-01-03 15:07:11 UTC
Created attachment 258747
Build log

I forgot to add that despite the error, all works fine on amd64
Comment 10 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2011-01-03 16:21:51 UTC
(In reply to comment #8)
> I see a conflict with virtual/mysql:
> 
> !!! One or more updates have been skipped due to a dependency conflict:
> 
> dev-db/mysql:0
> 
>   (dev-db/mysql-5.1.51, ebuild scheduled for merge) conflicts with
>     =dev-db/mysql-5.0.91
> 
> is this expected?

To test mysql-5.0 you'll have to mask mysql-5.1, including the virtual/mysql-5.1.
Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2011-01-03 20:24:11 UTC
x86 stable
Comment 12 Markos Chandras (RETIRED) gentoo-dev 2011-01-04 14:43:34 UTC
amd64 done
Comment 13 Jeroen Roovers gentoo-dev 2011-01-05 16:08:38 UTC
Stable for HPPA PPC.
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2011-01-08 12:58:09 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 15 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-10 12:19:29 UTC
ppc64 stable, last arch done
Comment 16 Tim Sammut (RETIRED) gentoo-dev 2011-01-10 16:43:37 UTC
Thank you, folks. Added to existing GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2012-01-05 22:47:04 UTC
This issue was resolved and addressed in
 GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml
by GLSA coordinator Tim Sammut (underling).