Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 819891 (CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35537, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35602, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624, CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35629, CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637, CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35648) - <dev-db/mysql-{5.7.36,8,0,27}: multiple vulnerabilities (Oracle CPU Oct 2021)
Summary: <dev-db/mysql-{5.7.36,8,0,27}: multiple vulnerabilities (Oracle CPU Oct 2021)
Status: CONFIRMED
Alias: CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35537, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35602, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610, CVE-2021-35612, CVE-2021-35622, CVE-2021-35623, CVE-2021-35624, CVE-2021-35625, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35629, CVE-2021-35630, CVE-2021-35631, CVE-2021-35632, CVE-2021-35633, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35637, CVE-2021-35638, CVE-2021-35639, CVE-2021-35640, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35648
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://www.oracle.com/security-alert...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks: 822756
  Show dependency tree
 
Reported: 2021-10-23 21:37 UTC by John Helmert III
Modified: 2023-11-28 16:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-23 21:37:10 UTC
Omitting descriptions as Bugzilla won't take a bug description that long.

Seems like we need bumps to >5.7.35 and >8.0.26. I also noticed while
checking for curl bundledness that the package is configured with
"-DWITH_CURL=system" but doesn't specify a dependency on curl. Missing
dependency?