Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 625626 (CVE-2017-3633, CVE-2017-3634, CVE-2017-3637, CVE-2017-3647, CVE-2017-3649) - <dev-db/mysql-5.6.37-r1: multiple vulnerabilities (CPU JUL 2017) (CVE-2017-{3633,3634,3635,3636,3637,3641,3648,3647,3649,3651,3652,3653,3732})<
Summary: <dev-db/mysql-5.6.37-r1: multiple vulnerabilities (CPU JUL 2017) (CVE-2017-{3...
Status: RESOLVED FIXED
Alias: CVE-2017-3633, CVE-2017-3634, CVE-2017-3637, CVE-2017-3647, CVE-2017-3649
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve glsa+ blocked]
Keywords:
: CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3648, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653 (view as bug list)
Depends on: CVE-2017-3305 CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384
Blocks: 548132 CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600
  Show dependency tree
 
Reported: 2017-07-19 13:05 UTC by Agostino Sarubbo
Modified: 2018-02-20 01:00 UTC (History)
3 users (show)

See Also:
Package list:
dev-db/mysql-5.6.37-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Brian Evans (RETIRED) gentoo-dev 2017-07-30 13:26:11 UTC
*** Bug 626572 has been marked as a duplicate of this bug. ***
Comment 2 Brian Evans (RETIRED) gentoo-dev 2017-08-14 23:33:07 UTC
@ Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.37 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='server embedded extraengine perl openssl static-libs' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-5.6.37.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-08-15 04:12:48 UTC
Please do not add cve to whiteboard if you are not part of security. CVE in whiteboard means that security has assigned the CVE's in the Gentoo CVE database. 

Version: 5.6.36 and earlier vulnerable

CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3636
CVE-2017-3637
CVE-2017-3641
CVE-2017-3648
CVE-2017-3647
CVE-2017-3649
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653
CVE-2017-3732
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2017-08-17 20:19:38 UTC
ia64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 20:25:35 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2017-08-23 04:56:59 UTC
arm stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-25 21:51:46 UTC
amd64 stable
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2017-09-10 22:11:13 UTC
sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 03:02:29 UTC
ppc64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 08:41:12 UTC
ppc stable
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-16 13:34:02 UTC
Superseded by bug 634652.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2018-02-20 01:00:03 UTC
This issue was resolved and addressed in
 GLSA 201802-04 at https://security.gentoo.org/glsa/201802-04
by GLSA coordinator Thomas Deutschmann (whissi).