Bug 29923

Summary: mysql-connector-c++ new security issues CVE-2021-371[12]
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: andrewsfarm, davidwhodgins, herman.viaene, jani.valimaa, mageia, sysadmin-bugs
Version: 8
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8-64-OK
Source RPM: mysql-connector-c++-8.0.27-1.mga9.src.rpm
CVE:
Status comment:

Description David Walser 2022-01-21 20:28:14 CET
January 2022 Oracle CPU:
https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL

The issues are fixed upstream in 8.0.28.

Mageia 8 is also affected.

David Walser 2022-01-21 20:28:24 CET

Status comment: (none) => Fixed upstream in 8.0.28
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-01-22 21:38:54 CET
mysql-connector-c++-8.0.28-1.mga9 uploaded for Cauldron by Jani.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 2 Nicolas Lécureuil 2022-01-22 23:43:28 CET
New version pushed in mga8:


src:
    - mysql-connector-c++-8.0.28-1.mga8

CC: (none) => jani.valimaa, mageia
Assignee: jani.valimaa => qa-bugs
Status comment: Fixed upstream in 8.0.28 => (none)

Comment 3 David Walser 2022-01-23 00:21:17 CET
libmysqlcppconn8_2-8.0.28-1.mga8
libmysqlcppconn9-8.0.28-1.mga8
libmysqlcppconn8-devel-8.0.28-1.mga8

from mysql-connector-c++-8.0.28-1.mga8.src.rpm

Comment 4 Herman Viaene 2022-01-24 16:15:25 CET
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
Developer libraries, OK on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2022-01-24 20:54:48 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Dave Hodgins 2022-01-24 22:48:04 CET
Why is the package being added to Mageia 8?

Prior to this update, Mageia 8 only has libmysqlcppconn7 from
mysql-connector-c++-1.1.9-4.mga8.src.rpm

CC: (none) => davidwhodgins
Whiteboard: MGA8-64-OK => MGA8-64-OK
Keywords: (none) => feedback

Comment 7 David Walser 2022-01-25 00:40:54 CET
It wasn't added, it was already in Mageia 8.  The library major was updated, but no packages are built against it.

Keywords: feedback => (none)

Comment 8 Dave Hodgins 2022-01-25 03:40:46 CET
The cve entries

Keywords: (none) => advisory

Comment 9 Mageia Robot 2022-01-25 13:14:37 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0035.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED