Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 789243 - <dev-db/mysql-{5.7.34,8.0.24}: multiple vulnerabilities (CPU April 2021)
Summary: <dev-db/mysql-{5.7.34,8.0.24}: multiple vulnerabilities (CPU April 2021)
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable cve glsa+]
Keywords:
Depends on: 761715 803620
Blocks: gcc-11 CVE-2021-2154, CVE-2021-2166, CVE-2021-2180 CVE-2021-2146, CVE-2021-2162, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2179, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308 CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122
  Show dependency tree
 
Reported: 2021-05-09 23:36 UTC by GLSAMaker/CVETool Bot
Modified: 2021-12-17 06:25 UTC (History)
1 user (show)

See Also:
Package list:
dev-db/mysql-5.7.34 dev-db/mysql-8.0.25
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2021-05-09 23:36:54 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2021-05-09 23:57:41 UTC
@ arches,

please test and mark stable:

=dev-db/mysql-5.7.34 amd64 arm arm64 ia64 ppc ppc64 x86
=dev-db/mysql-8.0.24 amd64 arm arm64 ia64 ppc ppc64 x86


# Official test instructions:
ulimit -n 16500 && \
USE='perl server' \
FEATURES='test userpriv -usersandbox' \
ebuild mysql-X.X.XX.ebuild \
digest clean package

Note: <mysql-8 will need USE=latin1 for tests!
Comment 2 Thomas Deutschmann gentoo-dev Security 2021-05-10 00:01:21 UTC
Freeing alias for tracker bug creation.
Comment 3 Thomas Deutschmann gentoo-dev Security 2021-05-12 14:21:41 UTC
Stopping stabilization, incoming 8.0.25 which fixes a regression caused by 8.0.24.
Comment 4 NATTkA bot gentoo-dev 2021-05-12 14:24:20 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-05-12 15:40:24 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-05-12 15:44:24 UTC Comment hidden (obsolete)
Comment 7 Thomas Deutschmann gentoo-dev Security 2021-05-24 01:19:51 UTC
x86 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2021-05-24 01:20:02 UTC
x86 stable
Comment 9 Thomas Deutschmann gentoo-dev Security 2021-05-24 18:08:35 UTC
Added to an existing GLSA request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:52:33 UTC
This issue was resolved and addressed in
 GLSA 202105-27 at https://security.gentoo.org/glsa/202105-27
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 11 Thomas Deutschmann gentoo-dev Security 2021-05-26 09:53:16 UTC
Re-opening for remaining architectures.
Comment 12 Sam James archtester gentoo-dev Security 2021-07-06 18:02:25 UTC
amd64 done
Comment 13 Andreas K. Hüttel archtester gentoo-dev 2021-09-20 19:28:34 UTC
@arches: ping
Comment 14 Andreas K. Hüttel archtester gentoo-dev 2021-09-27 19:03:52 UTC
@arches: ping
Comment 15 Andreas K. Hüttel archtester gentoo-dev 2021-10-05 23:03:39 UTC
@arches: ping, anyone alive out there?
Comment 16 Sam James archtester gentoo-dev Security 2021-10-12 00:09:57 UTC
arm64 done
Comment 17 Sam James archtester gentoo-dev Security 2021-10-14 09:44:44 UTC
arm done
Comment 18 Sam James archtester gentoo-dev Security 2021-10-16 02:44:58 UTC
ppc64 done
Comment 19 Sam James archtester gentoo-dev Security 2021-10-16 02:45:23 UTC
ppc done

all arches done
Comment 20 Sam James archtester gentoo-dev Security 2021-10-16 02:45:53 UTC
(In reply to Sam James from comment #19)
> ppc done
> 
> all arches done

Stabled 5.x but can't do 8.x due to bug 761715.
Comment 21 NATTkA bot gentoo-dev 2021-10-16 02:48:46 UTC
Keywords are not fully specified and arches are not CC-ed for the following packages:

- =dev-db/mysql-8.0.25