Bug 26080

Summary: mysql-workbench new security issues CVE-2019-7317, CVE-2019-16168, CVE-2020-1730, CVE-2020-1967, CVE-2021-3450
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: jani.valimaa
Version: 7
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: mysql-workbench-6.3.10-6.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 8.0.22
Bug Depends on:
Bug Blocks: 26521

Description David Walser 2020-01-15 14:10:58 CET
The January 2020 Oracle CPU lists a vulnerability in mysql-workbench:
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL

The issue is fixed upstream in 8.0.19.

Mageia 7 is also affected.

David Walser 2020-01-15 14:11:07 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2020-01-16 20:05:11 CET
This package has no registered maintainer, so assigning globally; CC'ing wally who has done the most recent commits, hope this is OK.

Assignee: bugsquad => pkg-bugs
CC: (none) => jani.valimaa

David Walser 2020-01-24 13:26:38 CET

Status comment: (none) => Fixed upstream in 8.0.19

David Walser 2020-04-21 22:05:11 CEST

Blocks: (none) => 26521

Comment 2 David Walser 2020-05-10 07:18:02 CEST
Package has been dropped in Cauldron.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 3 David Walser 2020-10-29 01:37:57 CET
October Oracle CPU lists two more security issues for mysql-workbench:
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL

Through 8.0.21 is affected, so I assume fixes are in 8.0.22:
https://dev.mysql.com/downloads/workbench/

Status comment: Fixed upstream in 8.0.19 => Fixed upstream in 8.0.22
Summary: mysql-workbench new security issue CVE-2019-16168 => mysql-workbench new security issues CVE-2019-16168, CVE-2020-1730, CVE-2020-1967

Comment 4 David Walser 2021-06-28 21:13:21 CEST
April 2021 Oracle CPU lists two more security issues for mysql-workbench:
https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL

Through 8.0.23 is affected, so I assume fixes are in 8.0.25:
https://dev.mysql.com/downloads/workbench/

Summary: mysql-workbench new security issues CVE-2019-16168, CVE-2020-1730, CVE-2020-1967 => mysql-workbench new security issues CVE-2019-7317, CVE-2019-16168, CVE-2020-1730, CVE-2020-1967, CVE-2021-3450

Comment 5 David Walser 2021-07-01 18:21:34 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED