From owner-freebsd-stable@FreeBSD.ORG  Sun Jul 11 10:09:03 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8648B16A4CE
	for <freebsd-stable@freebsd.org>;
	Sun, 11 Jul 2004 10:09:03 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.183])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2BE6043D2D
	for <freebsd-stable@freebsd.org>;
	Sun, 11 Jul 2004 10:09:03 +0000 (GMT)	(envelope-from jan.d@online.de)
Received: from [212.227.126.205] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1BjbGV-0004Fj-00; Sun, 11 Jul 2004 12:08:59 +0200
Received: from [217.236.57.189] (helo=[192.168.0.45])
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-SHA:128)
	(Exim 3.35 #1)
	id 1BjbGV-0000HT-00; Sun, 11 Jul 2004 12:08:59 +0200
In-Reply-To: <pan.2004.07.11.08.27.16.598733@babysnakes.org>
References: <pan.2004.07.11.08.27.16.598733@babysnakes.org>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <53104FEB-D322-11D8-9FD7-000A95A951B0@online.de>
Content-Transfer-Encoding: 7bit
From: Jan Demter <jan.d@online.de>
Date: Sun, 11 Jul 2004 12:08:58 +0200
To: Haim Ashkenazi <haim@babysnakes.org>
X-Mailer: Apple Mail (2.618)
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:e6838fdb84308f05098373c013eb0bbd
cc: freebsd-stable@freebsd.org
Subject: Re: what happened to mysql vulnerability
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jul 2004 10:09:03 -0000


Am 11.07.2004 um 10:27 schrieb Haim Ashkenazi:
> in the last few days I saw a vulnerability in the portaudit output for
> mysql 4.0.20. checking mysql website I saw that they didn't release a 
> fix
> yet for the 4.0 series (only for 4.1). I could wait for it because the
> problem is not so bad for me since I use "skip-networking" in my mysql
> configuration. last night the warning disappeared from the output of
> portaudit and I didn't upgrade anything. any idea why?

MySQL 4.0 is not affected by this particular vulnerability, it was
put in the portaudit-database in error at first and then corrected 
later.

You can look up what changed and why in the portaudit-database here:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/portaudit-db/
database/portaudit.txt

yours,
Jan
-- 
"Aus 100 Dollar 110 Dollar zu machen, ist Arbeit. Aus 100 Millionen
  Dollar 110 Millionen Dollar zu machen, ist unvermeidlich."
	-- Edgar Bronfman