Date: Wed, 19 Mar 2003 16:08:55 +0200 From: Peter Pentchev <roam@ringlet.net> To: Alexandr Kovalenko <never@nevermind.kiev.ua> Cc: freebsd-security@freebsd.org Subject: Re: MySQL vulnerability: will go into -RELEASE? Message-ID: <20030319140855.GG27330@straylight.oblivion.bg> In-Reply-To: <20030319132332.GA18138@nevermind.kiev.ua> References: <20030319132332.GA18138@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--Oiv9uiLrevHtW1RS Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote: > I wonder if there are plans to update MySQL to version 3.23.56 before > 4.8 in order to fix security vulnerability described here: >=20 > http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D104739810523433&w=3D2 >=20 > ? I wrote a follow-up to that message which never made it to Bugtraq; the list moderators somehow failed to act upon it, neither approving nor rejecting it after a few days. Basically, the FreeBSD port of MySQL is safe, as long as people use the startup script provided by the port. The --user command-line option overrides any and all config file settings, thus rendering this particular vulnerability harmless. Of course, other config file settings may still affect the MySQL server, but the most dangerous one is moot for users of the FreeBSD port. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am the thought you are now thinking. --Oiv9uiLrevHtW1RS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+eHn37Ri2jRYZRVMRAlgAAJ4nwF05hGdCPQpHz65csrO9yUC3EQCdGaXM bmskDXhGQrnUNTeTxZ/dW1A= =cjWQ -----END PGP SIGNATURE----- --Oiv9uiLrevHtW1RS-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030319140855.GG27330>