Bug 729770 (CVE-2020-13249) - <dev-db/mariadb-connector-c-3.1.8: Improper packet validation (CVE-2020-13249)
Summary: <dev-db/mariadb-connector-c-3.1.8: Improper packet validation (CVE-2020-13249)
Status: RESOLVED FIXED
Alias: CVE-2020-13249
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2020-06-26 20:08 UTC by Sam James
Modified: 2020-07-28 20:22 UTC
Package list:
=dev-db/mariadb-connector-c-3.1.9
Runtime testing required: ---
nattka: sanity-check+


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 20:08:26 UTC
Description:
"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle."
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-26 21:01:30 UTC
We will go with the latest version already.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-27 20:51:13 UTC
arm64 stable
Comment 3 Rolf Eike Beer archtester 2020-06-28 08:39:24 UTC
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-06-28 20:29:10 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-28 20:29:25 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-06-28 20:31:27 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-06-28 20:38:31 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-28 20:41:29 UTC
s390 stable
Comment 9 Rolf Eike Beer archtester 2020-06-29 20:56:16 UTC
hppa stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 00:04:33 UTC
Please clean up.
Comment 11 Larry the Git Cow gentoo-dev 2020-07-26 02:05:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3ab991c7c6bbfd1d9b5861352b1581ef6d58de0

commit c3ab991c7c6bbfd1d9b5861352b1581ef6d58de0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-07-26 02:05:35 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-07-26 02:05:35 +0000

    dev-db/mariadb-connector-c: security cleanup
    
    Bug: https://bugs.gentoo.org/729770
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb-connector-c/Manifest                |  3 -
 .../mariadb-connector-c-3.1.6.ebuild               | 88 ----------------------
 .../mariadb-connector-c-3.1.7.ebuild               | 88 ----------------------
 .../mariadb-connector-c-3.1.8.ebuild               | 88 ----------------------
 4 files changed, 267 deletions(-)