1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3CCA%2BCX%2BbhB7HaLDbn2KECV%3DjbQ%2BwiNA_yQuavQqAizeoNVDo9%2BAA%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="014231.html">
<LINK REL="Next" HREF="014239.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb</H1>
<B>Pascal Terjan</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3CCA%2BCX%2BbhB7HaLDbn2KECV%3DjbQ%2BwiNA_yQuavQqAizeoNVDo9%2BAA%40mail.gmail.com%3E"
TITLE="[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb">pterjan at gmail.com
</A><BR>
<I>Fri Apr 13 13:37:46 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="014231.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb
</A></li>
<LI>Next message: <A HREF="014239.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#14233">[ date ]</a>
<a href="thread.html#14233">[ thread ]</a>
<a href="subject.html#14233">[ subject ]</a>
<a href="author.html#14233">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Fri, Apr 13, 2012 at 12:12, AL13N <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">alien at rmail.be</A>> wrote:
><i> 1. find all the responsible patches and add them manually
</I>><i> ==> this is my preferred option, but seems not doable, and apparently
</I>><i> no-one steps in and mysql isn't maintained (officially)
</I>
Not possible as most of the unfixed CVE on MySQL only say things like:
Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.5.x allows remote authenticated users to affect confidentiality and
integrity via unknown vectors.
So there is no way to know what was fixed and when.
><i> 2. do like other distros and fix to higher mysql 5.5.22 which fixes this
</I>><i> issue
</I>><i> ==> this is totally not preferred for me;
</I>><i>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge QA load
</I>
This will happen anyway. Testing will be the same whatever the amount
of changes is.
><i>  B) this also means that the mga1 -> mga2 upgrade will have to be
</I>><i> extensively retested
</I>
At least there will be no package name change etc, so nothing really
new regarding upgrade
><i> 3. go to the cauldron version that fixes these issues which is mariadb-5.5.23
</I>><i> ==> this is less preferred for me:
</I>><i>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
</I>><i> QA load
</I>
And even more, as it implies testing that all packages from mga1 using
mysql need to be tested (as more recent ones were tested in cauldron)
><i>  B) however the mga1 -> mga2 upgrade has been tested already, so the
</I>><i> chance of serious issues arising for this is alot less than normallY.
</I>
But it will need to be tested completely again as now mga1 state would
be very different from what it was
><i>  C) since mariadb-5.5.23 is based on mysql-5.5.23, the changes are quite
</I>><i> less than would normally be.
</I>><i>
</I>><i> 4. don't fix this security issue
</I>><i> ==> this is also less preferred for me, for obvious reasons.
</I>><i>
</I>><i> 5. someone has a better idea?
</I></PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="014231.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb
</A></li>
<LI>Next message: <A HREF="014239.html">[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#14233">[ date ]</a>
<a href="thread.html#14233">[ thread ]</a>
<a href="subject.html#14233">[ subject ]</a>
<a href="author.html#14233">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
