FS#21110 - [mysql] 5.1.50 has several security vulnerabilites
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 06 October 2010, 15:35 GMT
Last edited by Andrea Scarpino (BaSh) - Thursday, 07 October 2010, 20:11 GMT
Opened by Pascal Ernster (hardfalcon) - Wednesday, 06 October 2010, 15:35 GMT
Last edited by Andrea Scarpino (BaSh) - Thursday, 07 October 2010, 20:11 GMT
|
Details
Packages affected:
extra/libmysqlclient 5.1.50-1 extra/mysql 5.1.50-1 extra/mysql-clients 5.1.50-1 The mysql packages (mysql, mysql-clients, libmysql) in the official repos are outdated. The package versions in the repos do have several security vulnerabilites, among which quite a load of various DOS vulnerabilites. DOS vulnerabilites *are* security relevant depending on the configuration and inner workings of the software relying on the DOSable service. Oracle has released an updated version (5.1.51) almost a month ago (on 10th September 2010), but that update hasn't made it yet into the Archlinux repositories. http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html I've filed this as a critical bug as it is a security issue and not just "some outdated package". |
This task depends upon
Closed by Andrea Scarpino (BaSh)
Thursday, 07 October 2010, 20:11 GMT
Reason for closing: Implemented
Additional comments about closing: see comments
Thursday, 07 October 2010, 20:11 GMT
Reason for closing: Implemented
Additional comments about closing: see comments
Comment by
Gerardo Exequiel Pozzi (djgera) -
Thursday, 07 October 2010, 16:01 GMT
Comment by
Gerardo Exequiel Pozzi (djgera) -
Thursday, 07 October 2010, 16:04 GMT
- Field changed: Summary (mysql 5.1.50 has several security vulnerabilites → [mysql] 5.1.50 has several security vulnerabilites)
- Field changed: Status (Unconfirmed → Assigned)
- Field changed: Category (Packages: Extra → Upstream Bugs)
- Task assigned to Andrea Scarpino (BaSh), Dan Griffiths (Ghost1227), Giovanni Scafora (giovanni), Pierre Schmitz (Pierre)
Assigned to latest packager and Orphan Team
- Task reassigned to Pierre Schmitz (Pierre)
Already in testing work done by Pierre. :)