Date: Sat, 22 Apr 2023 12:20:38 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 6c23313ac492 - main - security/vuxml: Document MySQL 2023Q2 vulnerabilities Message-ID: <202304221220.33MCKcvE002801@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=6c23313ac492689a40ac3b26f8fae7571f447226 commit 6c23313ac492689a40ac3b26f8fae7571f447226 Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2023-04-22 12:20:32 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2023-04-22 12:20:32 +0000 security/vuxml: Document MySQL 2023Q2 vulnerabilities --- security/vuxml/vuln/2023.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 1fe272ebc8d4..a4ab8d31fc74 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,74 @@ + <vuln vid="f504a8d2-e105-11ed-85f6-84a93843eb75"> + <topic>MySQL -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>mysql-connector-java</name> + <range><lt>8.0.33</lt></range> + </package> + <package> + <name>mysql-client57</name> + <range><lt>5.7.42</lt></range> + </package> + <package> + <name>mysql-server57</name> + <range><lt>5.7.42</lt></range> + </package> + <package> + <name>mysql-client80</name> + <range><lt>8.0.33</lt></range> + </package> + <package> + <name>mysql-server80</name> + <range><lt>8.0.33</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Oracle reports:</p> + <blockquote cite="https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL">; + <p>This Critical Patch Update contains 34 new security patches, plus + additional third party patches noted below, for Oracle MySQL. 11 of + these vulnerabilities may be remotely exploitable without + authentication, i.e., may be exploited over a network without + requiring user credentials. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-37434</cvename> + <cvename>CVE-2023-21912</cvename> + <cvename>CVE-2023-21980</cvename> + <cvename>CVE-2023-21946</cvename> + <cvename>CVE-2023-21929</cvename> + <cvename>CVE-2023-21971</cvename> + <cvename>CVE-2023-21911</cvename> + <cvename>CVE-2023-21962</cvename> + <cvename>CVE-2023-21919</cvename> + <cvename>CVE-2023-21933</cvename> + <cvename>CVE-2023-21972</cvename> + <cvename>CVE-2023-21966</cvename> + <cvename>CVE-2023-21913</cvename> + <cvename>CVE-2023-21917</cvename> + <cvename>CVE-2023-21920</cvename> + <cvename>CVE-2023-21935</cvename> + <cvename>CVE-2023-21945</cvename> + <cvename>CVE-2023-21976</cvename> + <cvename>CVE-2023-21977</cvename> + <cvename>CVE-2023-21982</cvename> + <cvename>CVE-2023-21953</cvename> + <cvename>CVE-2023-21955</cvename> + <cvename>CVE-2023-21940</cvename> + <cvename>CVE-2023-21947</cvename> + <cvename>CVE-2023-21963</cvename> + <url>https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL</url>; + </references> + <dates> + <discovery>2023-04-19</discovery> + <entry>2023-04-22</entry> + </dates> + </vuln> + <vuln vid="90c48c04-d549-4fc0-a503-4775e32d438e"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304221220.33MCKcvE002801>