diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-April/014233.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-April/014233.html | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-April/014233.html b/zarb-ml/mageia-dev/2012-April/014233.html new file mode 100644 index 000000000..83f6cf913 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014233.html @@ -0,0 +1,139 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3CCA%2BCX%2BbhB7HaLDbn2KECV%3DjbQ%2BwiNA_yQuavQqAizeoNVDo9%2BAA%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="014231.html"> + <LINK REL="Next" HREF="014239.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb</H1> + <B>Pascal Terjan</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3CCA%2BCX%2BbhB7HaLDbn2KECV%3DjbQ%2BwiNA_yQuavQqAizeoNVDo9%2BAA%40mail.gmail.com%3E" + TITLE="[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb">pterjan at gmail.com + </A><BR> + <I>Fri Apr 13 13:37:46 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="014231.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb +</A></li> + <LI>Next message: <A HREF="014239.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#14233">[ date ]</a> + <a href="thread.html#14233">[ thread ]</a> + <a href="subject.html#14233">[ subject ]</a> + <a href="author.html#14233">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Fri, Apr 13, 2012 at 12:12, AL13N <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">alien at rmail.be</A>> wrote: +><i> 1. find all the responsible patches and add them manually +</I>><i> ==> this is my preferred option, but seems not doable, and apparently +</I>><i> no-one steps in and mysql isn't maintained (officially) +</I> +Not possible as most of the unfixed CVE on MySQL only say things like: + + Unspecified vulnerability in the MySQL Server component in Oracle MySQL + 5.5.x allows remote authenticated users to affect confidentiality and + integrity via unknown vectors. + +So there is no way to know what was fixed and when. + +><i> 2. do like other distros and fix to higher mysql 5.5.22 which fixes this +</I>><i> issue +</I>><i> ==> this is totally not preferred for me; +</I>><i>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge QA load +</I> +This will happen anyway. Testing will be the same whatever the amount +of changes is. + +><i>  B) this also means that the mga1 -> mga2 upgrade will have to be +</I>><i> extensively retested +</I> +At least there will be no package name change etc, so nothing really +new regarding upgrade + +><i> 3. go to the cauldron version that fixes these issues which is mariadb-5.5.23 +</I>><i> ==> this is less preferred for me: +</I>><i>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge +</I>><i> QA load +</I> +And even more, as it implies testing that all packages from mga1 using +mysql need to be tested (as more recent ones were tested in cauldron) + +><i>  B) however the mga1 -> mga2 upgrade has been tested already, so the +</I>><i> chance of serious issues arising for this is alot less than normallY. +</I> +But it will need to be tested completely again as now mga1 state would +be very different from what it was + +><i>  C) since mariadb-5.5.23 is based on mysql-5.5.23, the changes are quite +</I>><i> less than would normally be. +</I>><i> +</I>><i> 4. don't fix this security issue +</I>><i> ==> this is also less preferred for me, for obvious reasons. +</I>><i> +</I>><i> 5. someone has a better idea? +</I></PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="014231.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb +</A></li> + <LI>Next message: <A HREF="014239.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#14233">[ date ]</a> + <a href="thread.html#14233">[ thread ]</a> + <a href="subject.html#14233">[ subject ]</a> + <a href="author.html#14233">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |