From: Kubilay Kocak
Reply-To: koobs@FreeBSD.org
To: Michael Grimm, freebsd-ports@FreeBSD.org
Cc: FreeBSD Ports Security Team, Bernard Spil
Subject: Re: mariadb101-server vulnerability?
Date: Sat, 6 Aug 2016 22:34:14 +1000
Message-ID: <0ff02264-b10d-c0a6-f82b-38d178f26aac@FreeBSD.org>

On 6/08/2016 7:23 AM, Michael Grimm wrote:
> Hi —
>
> Kubilay Kocak wrote:
>
>> Unfortunately you are yet one more example of a user that's been left in
>> the lurch without information or recourse wondering (rightfully) how
>> they can resolve or mitigate this vulnerability. Our apologies.
>
> While we are on that topic, I am wondering about that 14-day-old warning, as well:
>
> mariadb101-server-10.1.16 is vulnerable:
> MySQL -- Multiple vulnerabilities
> CVE: CVE-2016-3452
> [long list of CVEs snipped]
> CVE: CVE-2016-3477
> https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>
> I really do not know how serious this report is. Every feedback is highly appreciated.

Hi Michael:

Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274

Your comment on that issue would be appreciated.

The parent issue (assigned to ports-secteam (cc'd)) for coordinating the
multiple vulnerable ports is:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248

> Thanks and with kind regards,
> Michael