git: 3f3224feea96 - main - security/vuxml: Document MySQL vulnerabilities

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bernard Spil <brnrd_at_FreeBSD.org>
Date: Mon, 23 Oct 2023 18:08:50 UTC
The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3f3224feea965a2c2b80160c2e7604685880add7

commit 3f3224feea965a2c2b80160c2e7604685880add7
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2023-10-23 18:08:48 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2023-10-23 18:08:48 +0000

    security/vuxml: Document MySQL vulnerabilities
---
 security/vuxml/vuln/2023.xml | 91 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 83 insertions(+), 8 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 16f74bd4b19c..7e90f35c98f3 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,21 +1,96 @@
+  <vuln vid="22df5074-71cd-11ee-85eb-84a93843eb75">
+    <topic>MySQL -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mysql57-server</name>
+	<range><lt>5.7.44</lt></range>
+      </package>
+      <package>
+	<name>mysql-connector-c++</name>
+	<range><lt>8.0.35</lt></range>
+      </package>
+      <package>
+	<name>mysql-connector-j</name>
+	<range><lt>8.1.1</lt></range>
+      </package>
+      <package>
+	<name>mysql-connector-odbc</name>
+	<range><lt>8.1.1</lt></range>
+      </package>
+      <package>
+	<name>mysql80-server</name>
+	<range><lt>8.0.35</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Oracle reports:</p>
+	<blockquote cite="https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL">
+	  <p>This Critical Patch Update contains 37 new security patches, plus
+	    additional third party patches noted below, for Oracle MySQL. 9 of
+	    these vulnerabilities may be remotely exploitable without
+	    authentication, i.e., may be exploited over a network without
+	    requiring user credentials.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2022-42898</cvename>
+      <cvename>CVE-2023-2650</cvename>
+      <cvename>CVE-2023-3817</cvename>
+      <cvename>CVE-2023-22015</cvename>
+      <cvename>CVE-2023-22026</cvename>
+      <cvename>CVE-2023-22028</cvename>
+      <cvename>CVE-2023-22032</cvename>
+      <cvename>CVE-2023-22059</cvename>
+      <cvename>CVE-2023-22064</cvename>
+      <cvename>CVE-2023-22065</cvename>
+      <cvename>CVE-2023-22066</cvename>
+      <cvename>CVE-2023-22068</cvename>
+      <cvename>CVE-2023-22070</cvename>
+      <cvename>CVE-2023-22078</cvename>
+      <cvename>CVE-2023-22079</cvename>
+      <cvename>CVE-2023-22084</cvename>
+      <cvename>CVE-2023-22092</cvename>
+      <cvename>CVE-2023-22094</cvename>
+      <cvename>CVE-2023-22095</cvename>
+      <cvename>CVE-2023-22097</cvename>
+      <cvename>CVE-2023-22102</cvename>
+      <cvename>CVE-2023-22103</cvename>
+      <cvename>CVE-2023-22104</cvename>
+      <cvename>CVE-2023-22110</cvename>
+      <cvename>CVE-2023-22111</cvename>
+      <cvename>CVE-2023-22112</cvename>
+      <cvename>CVE-2023-22113</cvename>
+      <cvename>CVE-2023-22114</cvename>
+      <cvename>CVE-2023-22115</cvename>
+      <cvename>CVE-2023-38545</cvename>
+      <url>https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL</url>
+    </references>
+    <dates>
+      <discovery>2023-10-17</discovery>
+      <entry>2023-10-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e14b9870-62a4-11ee-897b-000bab9f87f1">
     <topic>Request Tracker -- multiple vulnerabilities</topic>
     <affects>
       <package>
-        <name>rt44</name>
-        <range><lt>4.4.6</lt></range>
+	<name>rt44</name>
+	<range><lt>4.4.6</lt></range>
       </package>
       <package>
-        <name>rt50</name>
-        <range><lt>5.0.4</lt></range>
+	<name>rt50</name>
+	<range><lt>5.0.4</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-        <p>Request Tracker reports:</p>
-        <p>CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.</p>
-        <p>CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.</p>
-        <p>CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.</p>
+	<p>Request Tracker reports:</p>
+	<p>CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.</p>
+	<p>CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.</p>
+	<p>CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.</p>
       </body>
     </description>
     <references>