On 2016-08-06 23:17, Mark Felder wrote:
On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:
On 6/08/2016 7:23 AM, Michael Grimm wrote:
> Hi —
>
> Kubilay Kocak <[email protected]> wrote:
>
>> Unfortunately you are yet one more example of a user that's been left in
>> the lurch without information or recourse wondering (rightfully) how
>> they can resolve or mitigate this vulnerability. Our apologies.
>
> While we are on that topic, I am wondering about that 14-day-old warning as well:
>
>    mariadb101-server-10.1.16 is vulnerable:
>    MySQL -- Multiple vulnerabilities
>    CVE: CVE-2016-3452
> [long list of CVEs snipped]
>    CVE: CVE-2016-3477
>    https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>
> I really do not know how serious this report is. Any feedback is highly appreciated.

Hi Michael:

Bug:  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274

Your comment on that issue would be appreciated.

The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
multiple vulnerable ports is:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248
From what I can see MariaDB hasn't released an update to address these
issues yet. I believe Oracle does not coordinate release of security
issues with third parties / forks. This has probably caught MariaDB off
guard and they're likely waiting for access to the relevant commits to
import the fixes.

Hi Mark,

The CVEs mention MariaDB where applicable.

Added versions where these vulns were fixed for MariaDB. PerconaDB follows the MySQL release numbering and has also received updates so I added version checks there as well.

See https://svnweb.freebsd.org/ports?view=revision&revision=419813

Cheers,

Bernard.
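The version checks mentioned in the message above live in VuXML `<range>` elements, which `pkg audit` compares against installed package versions. The following is an added illustration, not code from FreeBSD's pkg or the vuxml tree: it parses a small constructed VuXML-like document (the vid and topic are those quoted in the thread, but the version boundaries are placeholders, not the real fixed versions, and the real VuXML namespace is omitted) and reports which installed packages fall inside a vulnerable range. The version comparison is a simplified model of pkg's rules: it honours the `_revision` and `,epoch` suffixes and pads missing numeric components with zeros, but does not handle alphabetic components.

```python
"""Match installed package versions against VuXML-style <range> bounds.

Added example, not FreeBSD's pkg or vuxml code. The document below is
constructed: the vid and topic come from the advisory quoted in the
thread, the version boundaries are placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed VuXML-like document; boundaries are placeholders, and the
# real xmlns="http://www.vuxml.org/apps/vuxml-1" is left out for brevity.
VUXML = """<vuxml>
  <vuln vid="ca5cb202-4f51-11e6-b2ec-b499baebfeaf">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>mariadb101-server</name>
        <range><ge>10.1</ge><lt>10.1.17</lt></range>
      </package>
      <package>
        <name>mysql57-server</name>
        <range><lt>5.7.14</lt></range>
      </package>
    </affects>
  </vuln>
</vuxml>"""


def parse_version(v):
    """Split 'version[_revision][,epoch]' into (epoch, numeric parts, revision).

    Simplified model of pkg version syntax: only dotted numeric versions.
    """
    epoch = 0
    if "," in v:
        v, e = v.split(",", 1)
        epoch = int(e)
    revision = 0
    if "_" in v:
        v, r = v.split("_", 1)
        revision = int(r)
    parts = [int(p) for p in v.split(".")]
    return epoch, parts, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, pa, ra = parse_version(a)
    eb, pb, rb = parse_version(b)
    width = max(len(pa), len(pb))
    pa = pa + [0] * (width - len(pa))   # treat 10.1 as 10.1.0
    pb = pb + [0] * (width - len(pb))
    ka, kb = (ea, pa, ra), (eb, pb, rb)  # epoch wins, then version, then revision
    return (ka > kb) - (ka < kb)


# Each bound element maps to a predicate on compare_versions(installed, bound).
BOUNDS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "gt": lambda c: c > 0,
    "ge": lambda c: c >= 0,
    "eq": lambda c: c == 0,
}


def version_in_range(version, range_el):
    """True when every bound inside one <range> holds for the version."""
    for bound in range_el:
        pred = BOUNDS.get(bound.tag)
        if pred is None:
            raise ValueError(f"unknown range bound <{bound.tag}>")
        if not pred(compare_versions(version, bound.text.strip())):
            return False
    return True


def audit(installed, vuxml_text=VUXML):
    """Map package name -> list of vids whose ranges cover the installed version.

    installed: dict of package name -> version string, as pkg would report it.
    """
    root = ET.fromstring(vuxml_text)
    findings = {}
    for vuln in root.iter("vuln"):
        vid = vuln.get("vid")
        for pkg in vuln.iter("package"):
            name = pkg.findtext("name")
            if name not in installed:
                continue
            if any(version_in_range(installed[name], r) for r in pkg.iter("range")):
                findings.setdefault(name, []).append(vid)
    return findings


if __name__ == "__main__":
    # Constructed sample of an installed package set.
    print(audit({"mariadb101-server": "10.1.16_1", "mysql57-server": "5.7.14"}))
```

A port revision bump (`10.1.16_1`) does not move a package out of the range: only the upstream version component is compared against the `<lt>` bound, which is why a VuXML entry stays accurate until the port is actually updated to the fixed version.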
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"