Date:      Wed, 19 Jul 2017 14:45:31 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r446202 - head/security/vuxml
Message-ID:  <201707191445.v6JEjVWa078047@repo.freebsd.org>

Author: brnrd
Date: Wed Jul 19 14:45:31 2017
New Revision: 446202
URL: https://svnweb.freebsd.org/changeset/ports/446202

Log:
  security/vuxml: Document MySQL vulnerabilities

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jul 19 14:37:44 2017	(r446201)
+++ head/security/vuxml/vuln.xml	Wed Jul 19 14:45:31 2017	(r446202)
@@ -58,6 +58,115 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="cda2f3c2-6c8b-11e7-867f-b499baebfeaf">
+    <topic>MySQL -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mariadb55-server</name>
+	<range><lt>5.5.57</lt></range>
+      </package>
+      <package>
+	<name>mariadb100-server</name>
+	<range><lt>10.0.31</lt></range>
+      </package>
+      <package>
+	<name>mariadb101-server</name>
+	<range><lt>10.1.23</lt></range>
+      </package>
+      <package>
+	<name>mariadb102-server</name>
+	<range><lt>10.2.6</lt></range>
+      </package>
+      <package>
+	<name>mysql55-server</name>
+	<range><lt>5.5.55</lt></range>
+      </package>
+      <package>
+	<name>mysql56-server</name>
+	<range><lt>5.6.36</lt></range>
+      </package>
+      <package>
+	<name>mysql57-server</name>
+	<range><lt>5.7.18</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Oracle reports:</p>
+	<blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL">;
+	  <ul>
+	    <li>Reserved [CVE-2017-3629]</li>
+	    <li>A remote user can exploit a flaw in the Server: Memcached component to partially
+	      modify data and cause denial of service conditions [CVE-2017-3633].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+	      cause denial of service conditions [CVE-2017-3634].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Connector/C component to
+	      cause denial of service conditions [CVE-2017-3635].</li>
+	    <li>A remote authenticated user can exploit a flaw in the C API component to cause
+	      denial of service conditions [CVE-2017-3635].</li>
+	    <li>A local user can exploit a flaw in the Client programs component to partially
+	      access data, partially modify data, and partially deny service
+	      [CVE-2017-3636].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: UDF component to
+		cause denial of service conditions [CVE-2017-3529].</li>
+	    <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+	      cause denial of service conditions [CVE-2017-3637].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: DML component to
+	      cause denial of service conditions [CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
+	      CVE-2017-3643, CVE-2017-3644].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: Optimizer
+	      component to cause denial of service conditions [CVE-2017-3638, CVE-2017-3642,
+	      CVE-2017-3645].</li>
+	    <li>A remote authenticated user can exploit a flaw in the X Plugin component to
+	      cause denial of service conditions [CVE-2017-3646].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: Charsets component
+	      to cause denial of service conditions [CVE-2017-3648].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: Replication
+	      component to cause denial of service conditions [CVE-2017-3647,
+	      CVE-2017-3649].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Client mysqldump component
+	      to partially modify data [CVE-2017-3651].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+	      partially access and partially modify data [CVE-2017-3652].</li>
+	    <li>A remote user can exploit a flaw in the C API component to partially access data
+	      [CVE-2017-3650].</li>
+	    <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
+	      partially modify data [CVE-2017-3653].</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL</url>;
+      <cvename>CVE-2017-3529</cvename>
+      <cvename>CVE-2017-3633</cvename>
+      <cvename>CVE-2017-3634</cvename>
+      <cvename>CVE-2017-3635</cvename>
+      <cvename>CVE-2017-3636</cvename>
+      <cvename>CVE-2017-3637</cvename>
+      <cvename>CVE-2017-3638</cvename>
+      <cvename>CVE-2017-3639</cvename>
+      <cvename>CVE-2017-3640</cvename>
+      <cvename>CVE-2017-3641</cvename>
+      <cvename>CVE-2017-3642</cvename>
+      <cvename>CVE-2017-3643</cvename>
+      <cvename>CVE-2017-3644</cvename>
+      <cvename>CVE-2017-3645</cvename>
+      <cvename>CVE-2017-3646</cvename>
+      <cvename>CVE-2017-3647</cvename>
+      <cvename>CVE-2017-3648</cvename>
+      <cvename>CVE-2017-3649</cvename>
+      <cvename>CVE-2017-3650</cvename>
+      <cvename>CVE-2017-3651</cvename>
+      <cvename>CVE-2017-3652</cvename>
+      <cvename>CVE-2017-3653</cvename>
+    </references>
+    <dates>
+      <discovery>2017-07-19</discovery>
+      <entry>2017-07-19</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="08a2df48-6c6a-11e7-9b01-2047478f2f70">
     <topic>collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures</topic>
     <affects>
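Review bot: The `<affects>` list in the new entry names only the `*-server` ports, while its description includes flaws in Client programs, mysqldump, the C API and Connector/C, so a host with only a client port installed would not be flagged by an audit against this entry. Consider a second name per package, e.g. `<name>mysql57-client</name>` beside `<name>mysql57-server</name>`, if the client ports follow the same version numbering. CVE-2017-3629 is listed in the description as "Reserved" but has no `<cvename>` under `<references>`; either add `<cvename>CVE-2017-3629</cvename>` or drop the list item so the two stay in step. The `<lt>` bounds should also be checked against the advisory's affected-versions column, since each must be the first fixed release rather than the last affected one; that cannot be confirmed from the hunk alone.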


