Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 31 Jul 2024 11:45:03 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 280531] databases/mysql80-server: 8.0.39 marked as vulnerable after updating from 8.0.35_1
Message-ID:  <bug-280531-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280531

            Bug ID: 280531
           Summary: databases/mysql80-server: 8.0.39 marked as vulnerable
                    after updating from 8.0.35_1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: joneum@FreeBSD.org
          Reporter: Trond.Endrestol@ximalas.info
          Assignee: joneum@FreeBSD.org
             Flags: maintainer-feedback?(joneum@FreeBSD.org)

Here's a small conundrum.

## Pre-update:

# pkg audit -Fr
vulnxml file up-to-date
mysql80-server-8.0.35_1 is vulnerable:
  MySQL -- Multiple vulnerabilities
  WWW:
https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html

  MySQL -- Multiple vulnerabilities
  WWW:
https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html

  Packages that depend on mysql80-server:

mysql80-client-8.0.35 is vulnerable:
  MySQL -- Multiple vulnerabilities
  WWW:
https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html

  Packages that depend on mysql80-client: ntopng, moodle43-php82, cacti,
mysql80-server, argus-clients-sasl, nagios-plugins, libdbi-drivers

3 problem(s) in 2 installed package(s) found.

## Post-update:

# pkg audit -Fr
vulnxml file up-to-date
mysql80-server-8.0.39 is vulnerable:
  MySQL -- Multiple vulnerabilities
  WWW:
https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html

  Packages that depend on mysql80-server:

1 problem(s) in 1 installed package(s) found.

Judging by
https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html,
any version greater than or equal to 8.0.38 should not be marked as vulnera=
ble.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280531-7788>