http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
Arches, please test and mark stable.

Target keywords:
dev-db/mysql-5.6.24 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl ssl static-libs community' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-5.6.24.ebuild \
# digest clean package

Parallel testing is on by default and can be set with MTR_PARALLEL=x (default is attempted to be num cpus/cores as read by perl via /proc/cpuinfo) up to MTR_MAX_PARALLEL=x (default 8). These may be set as additional environment variables to the above command.
CVE-2015-2573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2573): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2015-2571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2571): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

CVE-2015-2568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2568): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

CVE-2015-2567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2567): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

CVE-2015-2566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2566): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVE-2015-0511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0511): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

CVE-2015-0508 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0508): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.

CVE-2015-0507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0507): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

CVE-2015-0506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0506): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.

CVE-2015-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0505): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2015-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0503): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

CVE-2015-0501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0501): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

CVE-2015-0500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0500): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2015-0499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0499): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

CVE-2015-0498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0498): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVE-2015-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0441): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

CVE-2015-0439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0439): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVE-2015-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0438): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

CVE-2015-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0433): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

CVE-2015-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0423): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2015-0405 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0405): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
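Added example, not part of the bug report or of any Gentoo or Oracle tooling: a small triage helper that reads the "X.Y.Z and earlier" bounds out of summaries like those above and reports which entries cover a given installed version. It assumes each bound applies only within its own release series (5.5 or 5.6); the function names are hypothetical and the three embedded summaries are copied from the list above as sample input.

```python
import re

# Sample input: three summaries copied from the CVE list in this bug.
SUMMARIES = {
    "CVE-2015-2573": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and "
                     "earlier, and 5.6.22 and earlier, allows remote authenticated "
                     "users to affect availability via vectors related to DDL.",
    "CVE-2015-2571": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and "
                     "earlier, and 5.6.23 and earlier, allows remote authenticated "
                     "users to affect availability via unknown vectors related to "
                     "Server : Optimizer.",
    "CVE-2015-0405": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and "
                     "earlier allows remote authenticated users to affect "
                     "availability via unknown vectors related to XA.",
}

BOUND = re.compile(r"(\d+)\.(\d+)\.(\d+) and earlier")


def upper_bounds(summary):
    """Map each release series (major, minor) to its highest affected patch level."""
    bounds = {}
    for major, minor, patch in BOUND.findall(summary):
        series = (int(major), int(minor))
        bounds[series] = max(bounds.get(series, -1), int(patch))
    return bounds


def parse_version(text):
    """Accept '5.6.24' or a package version such as '5.6.24-r1'."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError("not an X.Y.Z version: %r" % text)
    return tuple(int(part) for part in match.groups())


def affecting(version, summaries=SUMMARIES):
    """Return the sorted CVE ids whose bound for this series covers the version."""
    major, minor, patch = parse_version(version)
    hits = []
    for cve, text in summaries.items():
        # Assumption: a bound only says something about its own series.
        bound = upper_bounds(text).get((major, minor))
        if bound is not None and patch <= bound:
            hits.append(cve)
    return sorted(hits)
```

An empty result for a series the summaries never name (for example 5.1) means "not listed", not "unaffected".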
amd64 stable
x86 stable
Stable for HPPA.
Stable for PPC64.
sparc stable
alpha stable
ia64 stable
ppc stable
arm stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleanup done. --- ./ChangeLog +++ ./ChangeLog @@ -4,0 +5,4 @@ + 27 May 2015; Brian Evans <grknight@gentoo.org> -mysql-5.5.42.ebuild, + -mysql-5.6.22.ebuild, -mysql-5.6.23.ebuild: + Drop vulnerable versions for security bug 546722
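Review bot: the ChangeLog entry names the three ebuilds being dropped and the bug number, but not the version users are expected to move to. Since this bug stabilises dev-db/mysql-5.6.24, consider naming it in the entry. The entry also removes mysql-5.5.42.ebuild while the stabilisation request shown here covers only 5.6.24, so it would help to state what, if anything, remains available in the 5.5 series.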
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201507-19 at https://security.gentoo.org/glsa/201507-19 by GLSA coordinator Mikle Kolyada (Zlogene).