+++ This bug was initially created as a clone of Bug #555478 +++
A security update of mysql described at $URL
$URL lists these CVEs (resorted for readability):
https://mariadb.com/kb/en/mariadb/security/#cves-affecting-oracle-mysql says the follow CVEs cannot be determined since Oracle does not disclose information and listed as 5.6 only.
So that leaves these as yet to be determined:
Summary of maria-discuss post:
>Thanks. I've updated the security page now.
>I think that CVE-2015-4757 is fixed in 5.5.43 (and 10.0.18), and
>are fixed in 5.5.44 (and 10.0.20).
Though the CVEs only go up to <10.0.20 I am targeting 10.0.21 for connection issues related, but not vulnerable, to LogJam.
Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)
=dev-db/mariadb-10.0.21 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
# Official test instructions:
# USE='embedded extraengine perl ssl static-libs community' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.21.ebuild \
# digest clean package
# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
Stable on alpha.
Stable for PPC64.
Stable for HPPA.
*** Bug 548134 has been marked as a duplicate of this bug. ***
month old security bug needs some love
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
This issue was resolved and addressed in
GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06
by GLSA coordinator Aaron Bauman (b-man).