FS#21110 - [mysql] 5.1.50 has several security vulnerabilities

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 06 October 2010, 15:35 GMT
Last edited by Andrea Scarpino (BaSh) - Thursday, 07 October 2010, 20:11 GMT
Task Type: Bug Report
Category: Upstream Bugs
Status: Closed
Assigned To: Pierre Schmitz (Pierre)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


Packages affected:
extra/libmysqlclient 5.1.50-1
extra/mysql 5.1.50-1
extra/mysql-clients 5.1.50-1

The mysql packages (mysql, mysql-clients, libmysql) in the official repos are outdated. The package versions in the repos do have several security vulnerabilities, among which quite a load of various DOS vulnerabilities. DOS vulnerabilities *are* security relevant depending on the configuration and inner workings of the software relying on the DOSable service.

Oracle has released an updated version (5.1.51) almost a month ago (on 10th September 2010), but that update hasn't made it yet into the Archlinux repositories.

I've filed this as a critical bug as it is a security issue and not just "some outdated package".

Closed by: Andrea Scarpino (BaSh) - Thursday, 07 October 2010, 20:11 GMT
Reason for closing: Implemented
Additional comments about closing: see comments

Comment by Gerardo Exequiel Pozzi (djgera) - Thursday, 07 October 2010, 16:01 GMT
Assigned to latest packager and Orphan Team

Comment by Gerardo Exequiel Pozzi (djgera) - Thursday, 07 October 2010, 16:04 GMT
Already in testing, work done by Pierre. :)