+++ This bug was initially created as a clone of Bug #555478 +++
A security update of mysql described at $URL
$URL lists these CVEs (re-sorted for readability):
CVE-2015-4772 CVE-2015-4771 CVE-2015-4769 CVE-2015-4767 CVE-2015-4761 CVE-2015-4757 CVE-2015-4756 CVE-2015-4752 CVE-2015-4737 CVE-2015-2661 CVE-2015-2648 CVE-2015-2643 CVE-2015-2641 CVE-2015-2639 CVE-2015-2620 CVE-2015-2617 CVE-2015-2611 CVE-2015-2582

https://mariadb.com/kb/en/mariadb/security/#cves-affecting-oracle-mysql says the following CVEs cannot be determined since Oracle does not disclose information and are listed as 5.6 only.
CVE-2015-4772 CVE-2015-4771 CVE-2015-4769 CVE-2015-4767 CVE-2015-4761 CVE-2015-4756 CVE-2015-2661 CVE-2015-2641 CVE-2015-2639 CVE-2015-2617 CVE-2015-2611 CVE-2015-2567 CVE-2015-2566

So that leaves these as yet to be determined:
CVE-2015-4757 CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620 CVE-2015-2582
Summary of maria-discuss post[1]:
>Thanks. I've updated the security page[2] now.
>I think that CVE-2015-4757 is fixed in 5.5.43 (and 10.0.18), and
> CVE-2015-4752
> CVE-2015-2648
> CVE-2015-2643
> CVE-2015-2582
>are fixed in 5.5.44 (and 10.0.20).

Though the CVEs only go up to <10.0.20 I am targeting 10.0.21 for connection issues related, but not vulnerable, to LogJam.

Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mariadb-10.0.21 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl ssl static-libs community' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.21.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"

[1] https://lists.launchpad.net/maria-discuss/msg02868.html
[2] https://mariadb.com/kb/en/mariadb/security/
Stable on alpha.
Stable for PPC64.
amd64 stable
Stable for HPPA.
*** Bug 548134 has been marked as a duplicate of this bug. ***
arm stable
ppc stable
x86 stable
sparc stable
@ia64: ping month old security bug needs some love
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleanup complete
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06 by GLSA coordinator Aaron Bauman (b-man).