> On Aug 8, 2016, at 05:02, Bernard Spil <br...@freebsd.org> wrote:
>
>> On 2016-08-06 23:17, Mark Felder wrote:
>>> On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:
>>> On 6/08/2016 7:23 AM, Michael Grimm wrote:
>>> > Hi —
>>> >
>>> > Kubilay Kocak <ko...@freebsd.org> wrote:
>>> >
>>> >> Unfortunately you are yet one more example of a user that's been left in
>>> >> the lurch without information or recourse wondering (rightfully) how
>>> >> they can resolve or mitigate this vulnerability. Our apologies.
>>> >
>>> > While we are on that topic, I am wondering about that 14 days old warning,
>>> > as well:
>>> >
>>> > mariadb101-server-10.1.16 is vulnerable:
>>> > MySQL -- Multiple vulnerabilities
>>> > CVE: CVE-2016-3452
>>> > [long list of CVEs snipped]
>>> > CVE: CVE-2016-3477
>>> >
>>> > https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>>> >
>>> > I really do not know how serious this report is. Any feedback is highly
>>> > appreciated.
>>> Hi Michael:
>>> Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274
>>> Your comment on that issue would be appreciated.
>>> The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
>>> multiple vulnerable ports is:
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248
>> From what I can see MariaDB hasn't released an update to address these
>> issues yet. I believe Oracle does not coordinate release of security
>> issues with third parties / forks. This has probably caught MariaDB off
>> guard and they're likely waiting for access to the relevant commits to
>> import the fixes.
>
> Hi Mark,
>
> The CVEs mention MariaDB where applicable.
>
> Added versions where these vulns were fixed for MariaDB. PerconaDB follows
> the MySQL release numbering and has also received updates so I added version
> checks there as well.
>
> See https://svnweb.freebsd.org/ports?view=revision&revision=419813
>
Thanks for keeping an eye on this!