====================================================== Name: CVE-2013-3783 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3783 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. ====================================================== Name: CVE-2013-3793 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3793 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. ====================================================== Name: CVE-2013-3794 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3794 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. ====================================================== Name: CVE-2013-3795 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3795 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. ====================================================== Name: CVE-2013-3796 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3796 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. ====================================================== Name: CVE-2013-3798 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3798 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. ====================================================== Name: CVE-2013-3801 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3801 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. ====================================================== Name: CVE-2013-3802 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. ====================================================== Name: CVE-2013-3804 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3804 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. ====================================================== Name: CVE-2013-3805 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3805 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. ====================================================== Name: CVE-2013-3806 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3806 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811. ====================================================== Name: CVE-2013-3807 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3807 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges. ====================================================== Name: CVE-2013-3808 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3808 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. ====================================================== Name: CVE-2013-3809 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3809 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. ====================================================== Name: CVE-2013-3810 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3810 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions. ====================================================== Name: CVE-2013-3811 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3811 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806. ====================================================== Name: CVE-2013-3812 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3812 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130603 Category: Reference: CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Reproducible: Steps to Reproduce:
btw we have mariadb
CC: (none) => alien
Source RPM: mysql => mariadb
Summary: Multiple vulnerabilities in mysql (CVE-2013-3783, 3793, 3794, 3795, 3796, 3798, 3801, 3802, 3804, 3805, 3806, 3807, 3808, 3809, 3810, 3811, 3812) => Multiple vulnerabilities in mariadb/mysql (CVE-2013-3783, 3793, 3794, 3795, 3796, 3798, 3801, 3802, 3804, 3805, 3806, 3807, 3808, 3809, 3810, 3811, 3812)
and mariadb piggy-backs on mysql, no?
Yep...
CC: (none) => tmbAssignee: bugsquad => alien
Duplicate. *** This bug has been marked as a duplicate of bug 9878 ***
Status: NEW => RESOLVEDCC: (none) => luigiwalserResolution: (none) => DUPLICATE
I think you're mistaking closing this bug as it affects mga2 and mga3 as far as I can tell. mariadb-5.5.32-1.mga3 was submitted to core/updates_testing yesterday, but I'm awating information how these CVE's affects mariadb.
Status: RESOLVED => REOPENEDResolution: DUPLICATE => (none)
The other bug is for Mageia 2 and 3. *** This bug has been marked as a duplicate of bug 9878 ***
Status: REOPENED => RESOLVEDResolution: (none) => DUPLICATE
Please note the way we handle a bug for multiple versions using the whiteboard. We always set the version to the *highest* version affected, and then add tags in the whiteboard for other versions affected. So, for a bug affecting Cauldron, Mageia 3, and Mageia 2, the whiteboard has: MGA3TOO, MGA2TOO For a bug just affecting Mageia 2 and Mageia 3, version is 3, whiteboard has: MGA2TOO
well, that was just it... this isn't resolved in cauldron and for cauldron it could take a while...
even mga3 isn't fixed imho, not even if it would be validated... it needs more checking and some CVE explanations to be sure
Indeed. We normally try to have things fixed in Cauldron before shipping updates for stable. If we can't do that this time, we will need a new bug for QA, so I suppose we could use this one for that. Let's wait to reopen it until there are update candidates ready :o)
cauldron can't be fixed for now (could take a while) the one in mga3 was submitted, even though it needs some checking