Date: Sun, 02 May 2021 13:44:44 -0400
From: "Dan Langille" <dan@langille.org>
To: freebsd-database@freebsd.org
Subject: Re:
Message-ID: <956930fc-5209-4ec2-95fa-19fd44a26672@www.fastmail.com>
In-Reply-To: <cmu-lmtpd-625865-1619954868-0@sloti36d2t13>
References: <cmu-lmtpd-625865-1619954868-0@sloti36d2t13>
On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> The ports collection still has MySQL server versions 5.7.33 and
> 8.0.23.
>
> The VuXML database has had an entry for mysql since April 20 that
> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It
> sounds rather severe:
>
> This Critical Patch Update contains 49 new security patches for
> Oracle MySQL. 10 of these vulnerabilities may be remotely
> exploitable without authentication, i.e., may be exploited over a
> network without requiring user credentials. The highest CVSS v3.1
> Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
>
> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
>
> Any idea when the port will be updated?
>
> It might be good to update this promptly just in case someone wants to
> run some sort of serious mysql application in production.

MySQL is not an easy port to maintain. I have tried.

Some months ago, under similar circumstances, I tried to patch the port to help the maintainer. I failed. It was not as simple as bumping the PORTVERSION, running `make makesum`, followed by a `poudriere testport`.

That's when I decided to leave it to the port maintainer who knows what they are doing and is familiar with the port.

I am sure they would appreciate help though. If someone CAN provide patches, that is always helpful.

Thank you.

--
Dan Langille
dan@langille.org
