Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 766339 (CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122) - <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)
Summary: <dev-db/mysql-{5.7.33,8.0.23}: multiple vulnerabilities (CPU Jan 2021)
Status: IN_PROGRESS
Alias: CVE-2021-1998, CVE-2021-2001, CVE-2021-2002, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2010, CVE-2021-2011, CVE-2021-2012, CVE-2021-2014, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.oracle.com/security-alert...
Whiteboard: A3 [stable blocked]
Keywords:
Depends on: 789243
Blocks:
  Show dependency tree
 
Reported: 2021-01-21 02:57 UTC by John Helmert III
Modified: 2021-05-10 00:00 UTC (History)
1 user (show)

See Also:
Package list:
dev-db/mysql-5.7.33 dev-db/mysql-8.0.23
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-01-21 02:57:23 UTC
Numerous vulnerabilities for MySQL were released in their January
2021 CPU, not all of which are fixed in the versions in tree, so please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-01-21 22:32:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83a86eee469fdc6c81ce73e5a39e0a66f5309753

commit 83a86eee469fdc6c81ce73e5a39e0a66f5309753
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-01-21 21:14:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-01-21 22:32:10 +0000

    dev-db/mysql: bump to v8.0.23
    
    Closes: https://bugs.gentoo.org/763960
    Bug: https://bugs.gentoo.org/766339
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mysql/Manifest            |    2 +
 dev-db/mysql/mysql-8.0.23.ebuild | 1159 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 1161 insertions(+)
Comment 2 Thomas Deutschmann gentoo-dev Security 2021-02-01 15:22:24 UTC
@ arches,

please test and mark stable:

=dev-db/mysql-5.7.33 amd64 arm arm64 ia64 ppc ppc64 x86
=dev-db/mysql-8.0.23 amd64 arm arm64 ia64 ppc ppc64 x86


# Official test instructions:
ulimit -n 16500 && \
USE='perl server' \
FEATURES='test userpriv -usersandbox' \
ebuild mysql-X.X.XX.ebuild \
digest clean package

Note: <mysql-8 will need USE=latin1 for tests!
Comment 3 Thomas Deutschmann gentoo-dev Security 2021-02-03 23:56:08 UTC
x86 stable
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2021-02-26 08:50:11 UTC
amd64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2021-05-09 23:58:13 UTC
Superseded by bug 789243.
Comment 6 NATTkA bot gentoo-dev 2021-05-10 00:00:34 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.