From owner-freebsd-ports@FreeBSD.ORG Mon Jan 10 10:53:07 2005 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1836816A4CE for ; Mon, 10 Jan 2005 10:53:07 +0000 (GMT) Received: from bsd.ultra-secure.de (bsd.ultra-secure.de [62.146.20.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C26643D39 for ; Mon, 10 Jan 2005 10:53:06 +0000 (GMT) (envelope-from rainer@ultra-secure.de) Received: (qmail 9934 invoked by uid 1005); 10 Jan 2005 10:53:04 -0000 Received: from rainer@ultra-secure.de by bsd.ultra-secure.de by uid 89 with qmail-scanner-1.22 Clear:RC:1(217.235.154.169):. Processed in 0.075134 secs); 10 Jan 2005 10:53:04 -0000 Received: from unknown (HELO ?192.168.1.10?) (rainer@ultra-secure.de@217.235.154.169) by bsd.ultra-secure.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jan 2005 10:53:04 -0000 Message-ID: <41E26CA1.9010200@ultra-secure.de> Date: Mon, 10 Jan 2005 12:53:05 +0100 From: Rainer Duffner User-Agent: Mozilla Thunderbird 1.0 (X11/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ale@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: ports@FreeBSD.org Subject: FreeBSD Port: mysql323-server-3.23.58_2 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jan 2005 10:53:07 -0000 Hi, I've got a question. According to portaudit, the mysql323-server contains several vulnerabilities. http://www.freebsd.org/ports/portaudit/835256b8-46ed-11d9-8ce0-00065be4b5b6.html http://www.freebsd.org/ports/portaudit/01c231cd-4393-11d9-8bb9-00065be4b5b6.html http://www.freebsd.org/ports/portaudit/06a6b2cf-484b-11d9-813c-00065be4b5b6.html Is there going to be a patch for the 4.11-release ? I see that MYSQL.com (or AB) have not produced a newer version of that release and their webpages suggest that they may do so in the future: http://bugs.mysql.com/bug.php?id=4017 If there is no patch in sight for 4.11, shouldn't mysql323 be marked as broken ? cheers, Rainer -- =================================================== ~ Rainer Duffner - rainer@ultra-secure.de ~ ~ Freising - Munich - Germany ~ ~ Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===================================================