Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Mar 2003 16:18:23 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Alexandr Kovalenko <never@nevermind.kiev.ua>
Cc:        freebsd-security@freebsd.org
Subject:   Re: MySQL vulnerability: will go into -RELEASE?
Message-ID:  <20030319141823.GH27330@straylight.oblivion.bg>
In-Reply-To: <20030319140855.GG27330@straylight.oblivion.bg>
References:  <20030319132332.GA18138@nevermind.kiev.ua> <20030319140855.GG27330@straylight.oblivion.bg>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Wed, Mar 19, 2003 at 04:08:55PM +0200, Peter Pentchev wrote:
> On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote:
> > I wonder if there are plans to update MySQL to version 3.23.56 before
> > 4.8 in order to fix security vulnerability described here:
> > 
> > http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2
> > 
> > ?
> 
> I wrote a follow-up to that message which never made it to Bugtraq;
> the list moderators somehow failed to act upon it, neither approving
> nor rejecting it after a few days.
> 
> Basically, the FreeBSD port of MySQL is safe, as long as people use
> the startup script provided by the port.  The --user command-line
> option overrides any and all config file settings, thus rendering
> this particular vulnerability harmless.  Of course, other config file
> settings may still affect the MySQL server, but the most dangerous
> one is moot for users of the FreeBSD port.

And just for the record, this is not a recent development in answer
to this particular advisory; it has been so since rev. 1.58 of the
port's Makefile, sometime in July 1999.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
When you are not looking at it, this sentence is in Spanish.

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+eHwv7Ri2jRYZRVMRAlrdAJkBdI66H8PJzjDu9EL7mKIIsOWvLACglzln
XQm3kfX7+9NkGR6fkGSafgc=
=tEkx
-----END PGP SIGNATURE-----
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030319141823.GH27330>