curtis at orleans.occnc.com
Sun May 2 02:03:43 UTC 2021
The ports collection still has MySQL server versions 5.7.33 and
The VuXML database has had an entry for mysql since April 20 that
affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It
sounds rather severe:
This Critical Patch Update contains 49 new security patches for
Oracle MySQL. 10 of these vulnerabilities may be remotely
exploitable without authentication, i.e., may be exploited over a
network without requiring user credentials. The highest CVSS v3.1
Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
Any idea when the port will be updated?
It might be good to update this promptly just in case someone wants to
run some sort of serious mysql application in production.
ps - I copied freebsd-ports since there is no recent activity on
freebsd-database other than some spam in January and the mailing list
appears to be unused. And btw - yes I know to update using git.
More information about the freebsd-ports