From owner-dev-commits-ports-all@freebsd.org Tue May 4 14:26:35 2021
Return-Path:
Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id EE365633BCB;
Tue, 4 May 2021 14:26:35 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4FZMbb6Qknz3LPZ;
Tue, 4 May 2021 14:26:35 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C4E8B1323D;
Tue, 4 May 2021 14:26:35 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 144EQZgV081044;
Tue, 4 May 2021 14:26:35 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 144EQZE5081043;
Tue, 4 May 2021 14:26:35 GMT (envelope-from git)
Date: Tue, 4 May 2021 14:26:35 GMT
Message-Id: <202105041426.144EQZE5081043@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
dev-commits-ports-main@FreeBSD.org
From: Bernard Spil
Subject: git: ebf298637d17 - main - security/vuxml: Update latest MySQL vuln
entry
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: brnrd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ebf298637d17a99676d2bf535fd5ebfa41ae152b
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-ports-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the ports repository
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 04 May 2021 14:26:36 -0000
The branch main has been updated by brnrd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ebf298637d17a99676d2bf535fd5ebfa41ae152b
commit ebf298637d17a99676d2bf535fd5ebfa41ae152b
Author: Bernard Spil
AuthorDate: 2021-05-04 14:25:18 +0000
Commit: Bernard Spil
CommitDate: 2021-05-04 14:26:23 +0000
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected
---
security/vuxml/vuln.xml | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b1c8db06631f..1fcad1d5d7cb 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -549,6 +549,7 @@ Notes:
https://www.jenkins.io/security/advisory/2021-04-20/
+ CVE-2021-28165
2021-04-20
@@ -559,6 +560,22 @@ Notes:
MySQL -- Multiple vulnerabilities
+
+ mariadb103-server
+ 10.3.29
+
+
+ mariadb104-server
+ 10.4.19
+
+
+ mariadb105-server
+ 10.5.10
+
+
+ mysql56-server
+ 5.6.52
+
mysql57-server
5.7.34
@@ -578,15 +595,62 @@ Notes:
requiring user credentials.
The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
MySQL is 9.8.
+ MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only