Date:      Wed, 19 Mar 2003 16:18:23 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Alexandr Kovalenko <never@nevermind.kiev.ua>
Cc:        freebsd-security@freebsd.org
Subject:   Re: MySQL vulnerability: will go into -RELEASE?
Message-ID:  <20030319141823.GH27330@straylight.oblivion.bg>
In-Reply-To: <20030319140855.GG27330@straylight.oblivion.bg>
References:  <20030319132332.GA18138@nevermind.kiev.ua> <20030319140855.GG27330@straylight.oblivion.bg>



On Wed, Mar 19, 2003 at 04:08:55PM +0200, Peter Pentchev wrote:
> On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote:
> > I wonder if there are plans to update MySQL to version 3.23.56 before
> > 4.8 in order to fix security vulnerability described here:
> >
> > http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2
> >
> > ?
>
> I wrote a follow-up to that message which never made it to Bugtraq;
> the list moderators somehow failed to act upon it, neither approving
> nor rejecting it after a few days.
>
> Basically, the FreeBSD port of MySQL is safe, as long as people use
> the startup script provided by the port.  The --user command-line
> option overrides any and all config file settings, thus rendering
> this particular vulnerability harmless.  Of course, other config file
> settings may still affect the MySQL server, but the most dangerous
> one is moot for users of the FreeBSD port.

And just for the record, this is not a recent development in answer
to this particular advisory; it has been so since rev. 1.58 of the
port's Makefile, sometime in July 1999.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
When you are not looking at it, this sentence is in Spanish.
