On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:
> On 6/08/2016 7:23 AM, Michael Grimm wrote:
> > Hi —
> > 
> > Kubilay Kocak <ko...@freebsd.org> wrote:
> > 
> >> Unfortunately you are yet one more example of a user that's been left in
> >> the lurch without information or recourse wondering (rightfully) how
> >> they can resolve or mitigate this vulnerability. Our apologies.
> > 
> > While we are on that topic, I am wondering about that 14-day-old warning, as
> > well:
> > 
> >     mariadb101-server-10.1.16 is vulnerable:
> >     MySQL -- Multiple vulnerabilities
> >     CVE: CVE-2016-3452
> > [long list of CVEs snipped]
> >     CVE: CVE-2016-3477
> >     
> > https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
> > 
> > I really do not know how serious this report is. Any feedback is highly
> > appreciated.
> 
> Hi Michael:
> 
> Bug:  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274
> 
> Your comment on that issue would be appreciated.
> 
> The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
> multiple vulnerable ports is:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248
> 
> 

From what I can see MariaDB hasn't released an update to address these
issues yet. I believe Oracle does not coordinate release of security
issues with third parties / forks. This has probably caught MariaDB off
guard and they're likely waiting for access to the relevant commits to
import the fixes.


-- 
  Mark Felder
  f...@feld.me
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
