svn commit: r392140 - head/databases/mysql56-server
Alex Dupre
ale at FreeBSD.org
Fri Jul 17 10:02:55 UTC 2015
Erwin Lansing wrote:
>> URL: https://svnweb.freebsd.org/changeset/ports/392140
>>
>> Log:
>> Update to 5.6.25 release.
>
> Does this by any change fix this vulnerability?
No, probably they are not going to fix this "vulnerability" because,
even if it wasn't a great security choice and in fact it changed in
mysql 5.7, it was the intended and documented behavior:
> For MySQL client programs, this option permits but does not require the client to connect to the server using SSL. Therefore, this option is not sufficient in itself to cause an SSL connection to be used. For example, if you specify this option for a client program but the server has not been configured to enable SSL connections, the client falls back to an unencrypted connection.
--
Alex Dupre
More information about the svn-ports-all
mailing list