Date: Wed, 19 Mar 2003 16:18:23 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Alexandr Kovalenko <never@nevermind.kiev.ua>
Cc: freebsd-security@freebsd.org
Subject: Re: MySQL vulnerability: will go into -RELEASE?
Message-ID: <20030319141823.GH27330@straylight.oblivion.bg>
In-Reply-To: <20030319140855.GG27330@straylight.oblivion.bg>
References: <20030319132332.GA18138@nevermind.kiev.ua> <20030319140855.GG27330@straylight.oblivion.bg>

On Wed, Mar 19, 2003 at 04:08:55PM +0200, Peter Pentchev wrote:
> On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote:
> > I wonder if there are plans to update MySQL to version 3.23.56 before
> > 4.8 in order to fix security vulnerability described here:
> >
> > http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2
> >
> > ?
>
> I wrote a follow-up to that message which never made it to Bugtraq;
> the list moderators somehow failed to act upon it, neither approving
> nor rejecting it after a few days.
>
> Basically, the FreeBSD port of MySQL is safe, as long as people use
> the startup script provided by the port. The --user command-line
> option overrides any and all config file settings, thus rendering
> this particular vulnerability harmless. Of course, other config file
> settings may still affect the MySQL server, but the most dangerous
> one is moot for users of the FreeBSD port.

And just for the record, this is not a recent development in answer to
this particular advisory; it has been so since rev. 1.58 of the port's
Makefile, sometime in July 1999.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@sbnd.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
When you are not looking at it, this sentence is in Spanish.
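The message above rests on the server being launched with an explicit --user on the command line. The following is an added example, not part of the original message and not the FreeBSD port's own script: a shell check that reports whether a given startup script does so. The function name audit_mysql_start, the wrapper names it looks for (safe_mysqld, mysqld_safe, mysqld), the account name mysql and the sample script contents are assumptions made for illustration.

```shell
#!/bin/sh
# audit_mysql_start FILE  (hypothetical helper, added for illustration)
# Prints one verdict for the way FILE launches the MySQL server:
#   user:NAME   every launch passes a literal, non-root --user
#   root        a launch passes --user=root
#   unresolved  --user is present but its value is not a literal (e.g. a variable)
#   missing     a launch has no --user, so option files decide the account
#   no-server   no launch line was recognised
audit_mysql_start() {
    awk '
        # Join backslash-continued lines into one logical command line.
        { line = buf $0; buf = "" }
        line ~ /\\$/ { sub(/\\$/, " ", line); buf = line; next }
        line ~ /^[ \t]*#/ { next }    # comment line
        # A launch is the server or wrapper name followed by an option,
        # a redirect, "&", or end of line (so "[ -x .../safe_mysqld ]" is skipped).
        line !~ /mysqld(_safe)?[ \t]*$/ && line !~ /mysqld(_safe)?[ \t]+[&>-]/ { next }
        {
            found = 1
            if (match(line, /--user[= \t]+[A-Za-z0-9_]+/)) {
                name = substr(line, RSTART, RLENGTH)
                sub(/^--user[= \t]+/, "", name)
                if (name == "root") root = 1; else user = name
            } else if (line ~ /--user/) {
                unresolved = 1
            } else {
                missing = 1
            }
        }
        END {
            if (!found)          print "no-server"
            else if (missing)    print "missing"
            else if (root)       print "root"
            else if (unresolved) print "unresolved"
            else                 print "user:" user
        }
    ' "$1"
}

# Constructed sample script (not the port's): one launch, split over two lines.
sample=$(mktemp)
printf '%s\n' '#!/bin/sh' 'if [ -x /usr/local/bin/safe_mysqld ]; then' \
    '  /usr/local/bin/safe_mysqld \' '    --user=mysql > /dev/null &' 'fi' > "$sample"
audit_mysql_start "$sample"    # prints user:mysql
rm -f "$sample"
```

A verdict of missing, root or unresolved means the script itself does not pin the server to an unprivileged account, so the option files have to be reviewed as well.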