I still have a server running mysql 4.1.22, and it's marked as having the "MyISAM table privileges secuity [sic] bypass vulnerability". According to CVE-2008-2079 (linked from portaudit), this is fixed in 4.1.24.
I was going to file a PR asking for an update to 4.1.24, but then I discovered that MySQL 4.1 is in the "extended support" phase where they aren't releasing tarballs any more (and of course no binaries). The source *is* still available, but it's in the bazaar repo (see: http://blogs.sun.com/datacharmer/entry/hidden_jevewls_in_mysql_bazaar ). This can be checked out and built, but having a build-dep of bzr is probably not wanted. Is it feasible (both license-wise and technically) to have a mirror of a 4.1.24 bzr checkout in tarball form somewhere, so the port can be built? Thanks, Andrew _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
