Subject: pkg/34577: mysql-server-5.0.24a has vulnerabilities
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <Gilles@Gravier.org>
List: pkgsrc-bugs
Date: 09/21/2006 05:25:00
>Number: 34577
>Category: pkg
>Synopsis: mysql-server-5.0.24a has vulnerabilities
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 21 05:25:00 +0000 2006
>Originator: Gilles Gravier
>Release: 3.0.1
>Organization:
>Environment:
NetBSD mailhost 3.0.1 NetBSD 3.0.1 (GENERIC) #0: Thu Jul 13 23:43:47 UTC 2006 builds@b3.netbsd.org:/home/builds/ab/netbsd-3-0-1-RELEASE/i386/200607131826Z-obj/home/builds/ab/netbsd-3-0-1-RELEASE/src/sys/arch/i386/compile/GENERIC i386
>Description:
For the last several days, I've been receiving the following message during the security-audit of my machine:
Package mysql-server-5.0.24a has a security-bypass vulnerability, see http://secunia.com/advisories/21506/
Package mysql-server-5.0.24a has a privilge-escalation vulnerability, see http://secunia.com/advisories/21506/
Any idea when it will be fixed?
>How-To-Repeat:
Install mysql-server and then run audit-packages
>Fix:
Waiting for a fix to mysql-server