Date: Sat, 01 May 2021 22:02:55 -0400 From: Curtis Villamizar <curtis@orleans.occnc.com> To: joneum@FreeBSD.org, freebsd-database@freebsd.org, freebsd-ports@freebsd.org Cc: Curtis Villamizar <curtis@orleans.occnc.com>
| raw e-mail | index | archive | help
The ports collection still has MySQL server versions 5.7.33 and 8.0.23. The VuXML database has had an entry for mysql since April 20 that affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It sounds rather severe: This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8. See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html Any idea when the port will be updated? It might be good to update this promptly just in case someone wants to run some sort of serious mysql application in production. Curtis ps - I copied freebsd-ports since there is no recent activity on freebsd-database other than some spam in January and the mailing list appears to be unused. And btw - yes I know to update using git.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>