svn commit: r525001 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Sun Feb 2 20:14:41 UTC 2020
Author: brnrd
Date: Sun Feb 2 20:14:40 2020
New Revision: 525001
URL: https://svnweb.freebsd.org/changeset/ports/525001
Log:
security/vuxml: Properly document MariaDB vuln
PR: 243660
Reported by: <ari ish com au>
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Feb 2 19:54:15 2020 (r525000)
+++ head/security/vuxml/vuln.xml Sun Feb 2 20:14:40 2020 (r525001)
@@ -58,6 +58,80 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cb0183bb-45f6-11ea-a1c7-b499baebfeaf">
+ <topic>MariaDB -- Vulnerability in C API</topic>
+ <affects>
+ <package>
+ <name>mariadb55-client</name>
+ <range><lt>5.5.67</lt></range>
+ </package>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.67</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-client</name>
+ <range><lt>10.1.44</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.44</lt></range>
+ </package>
+ <package>
+ <name>mariadb102-client</name>
+ <range><lt>10.2.31</lt></range>
+ </package>
+ <package>
+ <name>mariadb102-server</name>
+ <range><lt>10.2.31</lt></range>
+ </package>
+ <package>
+ <name>mariadb103-client</name>
+ <range><lt>10.3.22</lt></range>
+ </package>
+ <package>
+ <name>mariadb103-server</name>
+ <range><lt>10.3.22</lt></range>
+ </package>
+ <package>
+ <name>mariadb104-client</name>
+ <range><lt>10.4.12</lt></range>
+ </package>
+ <package>
+ <name>mariadb104-server</name>
+ <range><lt>10.4.12</lt></range>
+ </package>
+ <package>
+ <name>mariadb-connector-c</name>
+ <range><lt>3.1.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MariaDB reports:</p>
+ <blockquote cite="https://mariadb.com/kb/en/security/">
+ <p>Difficult to exploit vulnerability allows unauthenticated attacker
+ with network access via multiple protocols to compromise MySQL Client.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mariadb.com/kb/en/security/</url>
+ <url>https://mariadb.com/kb/en/mdb-5567-rn/</url>
+ <url>https://mariadb.com/kb/en/mdb-10412-rn/</url>
+ <url>https://mariadb.com/kb/en/mdb-10322-rn/</url>
+ <url>https://mariadb.com/kb/en/mdb-10231-rn/</url>
+ <url>https://mariadb.com/kb/en/mdb-10144-rn/</url>
+ <url>https://mariadb.com/kb/en/mariadb-connector-c-317-release-notes/</url>
+ <cvename>CVE-2020-2574</cvename>
+ </references>
+ <dates>
+ <discovery>2020-01-28</discovery>
+ <entry>2020-02-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f">
<topic>libssh -- Unsanitized location in scp could lead to unwanted command execution</topic>
<affects>
@@ -495,26 +569,6 @@ Notes:
<topic>MySQL -- Multiple vulerabilities</topic>
<affects>
<package>
- <name>mariadb55-server</name>
- <range><lt>5.5.67</lt></range>
- </package>
- <package>
- <name>mariadb101-server</name>
- <range><lt>10.1.44</lt></range>
- </package>
- <package>
- <name>mariadb102-server</name>
- <range><lt>10.2.31</lt></range>
- </package>
- <package>
- <name>mariadb103-server</name>
- <range><lt>10.3.22</lt></range>
- </package>
- <package>
- <name>mariadb104-server</name>
- <range><lt>10.4.12</lt></range>
- </package>
- <package>
<name>mysql56-server</name>
<range><lt>5.6.47</lt></range>
</package>
@@ -573,6 +627,7 @@ Notes:
<dates>
<discovery>2020-01-14</discovery>
<entry>2020-01-15</entry>
+ <modified>2020-02-02</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list