From: Erwin Lansing
Date: Fri, 17 Jul 2015 12:10:37 +0200
To: Alex Dupre, ports-secteam@FreeBSD.org
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r392140 - head/databases/mysql56-server

On Fri, Jul 17, 2015 at 11:56:08AM +0200, Alex Dupre wrote:
> Erwin Lansing wrote:
> >> URL: https://svnweb.freebsd.org/changeset/ports/392140
> >>
> >> Log:
> >>   Update to 5.6.25 release.
> >
> > Does this by any chance fix this vulnerability?
>
> No, probably they are not going to fix this "vulnerability" because,
> even if it wasn't a great security choice and in fact it changed in
> mysql 5.7, it was the intended and documented behavior:
>
>
> > For MySQL client programs, this option permits but does not require the client to connect to the server using SSL. Therefore, this option is not sufficient in itself to cause an SSL connection to be used. For example, if you specify this option for a client program but the server has not been configured to enable SSL connections, the client falls back to an unencrypted connection.
>

Currently, the VuXML entry prohibits the installation of the mysql,
mariadb, and percona servers in any version. Adding ports-secteam for
advice on how to handle this situation.

Erwin

-- 
Erwin Lansing                                    http://droso.dk
erwin@lansing.dk