Comment 1 Hanno Böck 2016-11-01 22:16:13 UTC

Here's some more background, this looks pretty bad:
http://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

The fixed versions (10.1.18, 10.0.28) are already in the tree. Can we start stabiliziing

Comment 2 Brian Evans 2016-11-02 14:44:05 UTC

Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mariadb-10.0.28 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl server openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.28.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"

Comment 3 Jeroen Roovers (RETIRED) 2016-11-04 08:04:05 UTC

Stable for HPPA PPC64.

Comment 4 Agostino Sarubbo 2016-11-04 08:21:36 UTC

amd64 stable

Comment 5 Agostino Sarubbo 2016-11-04 08:24:55 UTC

x86 stable

Comment 6 Markus Meier 2016-11-10 17:52:17 UTC

arm stable

Comment 7 Tobias Klausmann (RETIRED) 2016-11-14 17:20:38 UTC

Stable on alpha.

Comment 8 Aaron Bauman 2016-11-19 06:18:13 UTC

CVE's assigned to bug 597538 which will be addressed in the same GLSA.

Comment 9 Agostino Sarubbo 2016-12-19 14:38:41 UTC

sparc stable

Comment 10 Agostino Sarubbo 2016-12-19 15:15:19 UTC

ia64 stable

Comment 11 Agostino Sarubbo 2016-12-20 09:48:24 UTC

ppc stable.

Maintainer(s), please cleanup.

Comment 12 Brian Evans 2016-12-20 13:59:57 UTC

Cleanup complete

Comment 13 GLSAMaker/CVETool Bot 2017-01-01 13:37:46 UTC

This issue was resolved and addressed in
 GLSA 201701-01 at https://security.gentoo.org/glsa/201701-01
by GLSA coordinator Thomas Deutschmann (whissi).