A security update of mariadb described at $URL
Version 10.0.25 seems fine, tested in production on amd64.
Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances) Target keywords: =dev-db/mariadb-10.0.25 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 # Official test instructions: # USE='embedded extraengine perl server openssl static-libs' \ # FEATURES='test userpriv -usersandbox' \ # ebuild mariadb-X.X.XX.ebuild \ # digest clean package # Parallel testing is enabled, auto will try to detect number of cores # You may set this by hand. # The default maximum is 8 unless MTR_MAX_PARALLEL is increased export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Stable for HPPA PPC64.
Stable on alpha.
arm stable
amd64 stable
x86 stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup.
Cleanup is done
CVE-2016-0668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0668): Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB. CVE-2016-0655 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0655): Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows local users to affect availability via vectors related to InnoDB. CVE-2016-0651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0651): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. CVE-2016-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0650): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to Replication. CVE-2016-0649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0649): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to PS. CVE-2016-0648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0648): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS. CVE-2016-0647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0647): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS. CVE-2016-0646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0646): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML. CVE-2016-0644 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0644): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL. CVE-2016-0643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0643): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML. CVE-2016-0642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0642): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. CVE-2016-0641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0641): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. CVE-2016-0640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0640): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML.
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201610-06 at https://security.gentoo.org/glsa/201610-06 by GLSA coordinator Aaron Bauman (b-man).