Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. External References: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html#AppendixMSQL
@ago: the matrix also indicated a similar vulnerability in GIS (CVE-2013-1861), did you mean to exclude that one? @maintainers: fixed versions (5.1.70, 5.5.32) are in the tree already, please ack a stable.
(In reply to Chris Reffett from comment #1) > @ago: the matrix also indicated a similar vulnerability in GIS > (CVE-2013-1861), did you mean to exclude that one? > > @maintainers: fixed versions (5.1.70, 5.5.32) are in the tree already, > please ack a stable. mysql-5.5 has not been stabled yet, so 5.5.32 will wait for the 5.5 stabilization bug. Arches, please go ahead with 5.1.70.
amd64 stable
x86 stable
alpha stable
ia64 stable
ppc64 stable
ppc stable
arm stable
sh stable
sparc stable
Um. Wow.
Stable for HPPA.
s390 stable
CVE-2013-3808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. CVE-2013-3804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. CVE-2013-3802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
GLSA request filed.
@maintainers: while we work on the GLSA, clean affected versions please.
This issue was resolved and addressed in GLSA 201308-06 at http://security.gentoo.org/glsa/glsa-201308-06.xml by GLSA coordinator Sergey Popov (pinkbyte).