Re: mariadb101-server vulnerability?
On 2016-08-06 23:17, Mark Felder wrote:
> On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:
>> On 6/08/2016 7:23 AM, Michael Grimm wrote:
>> > Hi —
>> >
>> > Kubilay Kocak wrote:
>> >
>> >> Unfortunately you are yet one more example of a user that's been left in
>> >> the lurch without information or recourse wondering (rightfully) how
>> >> they can resolve or mitigate this vulnerability. Our apologies.
>> >
>> > While we are on that topic, I am wondering about that 14 days old warning, as well:
>> >
>> > mariadb101-server-10.1.16 is vulnerable:
>> > MySQL -- Multiple vulnerabilities
>> > CVE: CVE-2016-3452
>> > [long list of CVEs snipped]
>> > CVE: CVE-2016-3477
>> > https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>> >
>> > I really do not know how serious this report is. Every feedback is highly appreciated.
>>
>> Hi Michael:
>>
>> Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274
>> Your comment on that issue would be appreciated.
>>
>> The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
>> multiple vulnerable ports is:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248
>
> From what I can see MariaDB hasn't released an update to address these
> issues yet. I believe Oracle does not coordinate release of security
> issues with third parties / forks. This has probably caught MariaDB off
> guard and they're likely waiting for access to the relevant commits to
> import the fixes.

Hi Mark,

The CVEs mention MariaDB where applicable.

Added versions where these vulns were fixed for MariaDB. PerconaDB follows
the MySQL release numbering and has also received updates so I added version
checks there as well.

See https://svnweb.freebsd.org/ports?view=revision&revision=419813

Cheers,
Bernard.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: mariadb101-server vulnerability?
> On Aug 8, 2016, at 05:02, Bernard Spil wrote:
>
>> On 2016-08-06 23:17, Mark Felder wrote:
>>> On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:
>>> On 6/08/2016 7:23 AM, Michael Grimm wrote:
>>> > Hi —
>>> >
>>> > Kubilay Kocak wrote:
>>> >
>>> >> Unfortunately you are yet one more example of a user that's been left in
>>> >> the lurch without information or recourse wondering (rightfully) how
>>> >> they can resolve or mitigate this vulnerability. Our apologies.
>>> >
>>> > While we are on that topic, I am wondering about that 14 days old warning,
>>> > as well:
>>> >
>>> > mariadb101-server-10.1.16 is vulnerable:
>>> > MySQL -- Multiple vulnerabilities
>>> > CVE: CVE-2016-3452
>>> > [long list of CVEs snipped]
>>> > CVE: CVE-2016-3477
>>> >
>>> > https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>>> >
>>> > I really do not know how serious this report is. Every feedback is highly
>>> > appreciated.
>>> Hi Michael:
>>> Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274
>>> Your comment on that issue would be appreciated.
>>> The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
>>> multiple vulnerable ports is:
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248
>> From what I can see MariaDB hasn't released an update to address these
>> issues yet. I believe Oracle does not coordinate release of security
>> issues with third parties / forks. This has probably caught MariaDB off
>> guard and they're likely waiting for access to the relevant commits to
>> import the fixes.
>
> Hi Mark,
>
> The CVEs mention MariaDB where applicable.
>
> Added versions where these vulns were fixed for MariaDB. PerconaDB follows
> the MySQL release numbering and has also received updates so I added version
> checks there as well.
>
> See https://svnweb.freebsd.org/ports?view=revision&revision=419813
>

Thanks for keeping an eye on this!

Re: mariadb101-server vulnerability?
On 2016-08-08 12:02, Bernard Spil wrote:
> The CVEs mention MariaDB where applicable.
>
> Added versions where these vulns were fixed for MariaDB. PerconaDB follows
> the MySQL release numbering and has also received updates so I added version
> checks there as well.
>
> See https://svnweb.freebsd.org/ports?view=revision&revision=419813
>
> Cheers,
> Bernard.

I'd like to thank everyone involved in getting this issue solved.

Thanks and regards,
Michael

Clamd core dumps
I just upgraded a mail server from 9.3 to 11.0-BETA4. clamav worked fine on 9.3. However, after upgrading it and reinstalling the package clamd core dumps just after reading all the signatures. Ktrace shows nothing other than the sig 11. I then built clamav from ports so I would have source. The bt from the core dump shows:

#0 0x000800f94b09 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#1 0x0008010e7d2b in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#2 0x000800d3eee9 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#3 0x000800d5ebd3 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#4 0x000800d5e256 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#5 0x000800d5df16 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#6 0x000800d03283 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#7 0x000800d034a4 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
#8 0x000800c118d0 in cli_pcre_scanbuf () from /usr/local/lib/libclamav.so.7
#9 0x000800b675e8 in cli_bytecode_prepare2 () from /usr/local/lib/libclamav.so.7
#10 0x000800aba3b9 in cl_engine_compile () from /usr/local/lib/libclamav.so.7
#11 0x00408fec in main ()

I am going to try rebuilding with symbols.

Any ideas what is causing this or how to get around it?

pkg is clamav-milter-0.99.2

— Doug

Re: Clamd core dumps
09.08.16 10:05, Doug Hardie wrote:
> I just upgraded a mail server from 9.3 to 11.0-BETA4. clamav worked fine on
> 9.3. However, after upgrading it and reinstalling the package clamd core
> dumps just after reading all the signatures. Ktrace shows nothing other than
> the sig 11. I then built clamav from ports so I would have source. The bt
> from the core dump shows:
>
> #0 0x000800f94b09 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #1 0x0008010e7d2b in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #2 0x000800d3eee9 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #3 0x000800d5ebd3 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #4 0x000800d5e256 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #5 0x000800d5df16 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #6 0x000800d03283 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #7 0x000800d034a4 in cli_printcxxver () from /usr/local/lib/libclamav.so.7
> #8 0x000800c118d0 in cli_pcre_scanbuf () from /usr/local/lib/libclamav.so.7
> #9 0x000800b675e8 in cli_bytecode_prepare2 () from /usr/local/lib/libclamav.so.7
> #10 0x000800aba3b9 in cl_engine_compile () from /usr/local/lib/libclamav.so.7
> #11 0x00408fec in main ()
>
> I am going to try rebuilding with symbols.
>
> Any ideas what is causing this or how to get around it?
>
> pkg is clamav-milter-0.99.2
>

Let me guess. ClamAV was built with LLVM/Jit support?
It's broken for now as ClamAV can use only LLVM <3.7 and base system provides llvm 3.8.
Try to rebuild without LLVM/Jit, this solved crashdumps for me.

--
Dima Panov (flu...@freebsd.org)
(X11, KDE, Office)@FreeBSD team
Facebook: http://www.facebook.com/fluffy.khv
twitter: fluffy_khv | skype: dima.panov | telegram: @dima_panov
IRC: fluffy@EFNet, fluffykhv@FreeNode