sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-05-25 07:26:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bump PORTREVISION of the client and add pkg-message to warn about

Browse source 
CVE-2015-3152 which will not get patched

Security:	CVE-2015-3152
Security:	36bd352d-299b-11e5-86ff-14dae9d210b8
This commit is contained in:
Mark Felder 2015-07-18 21:21:14 +00:00
parent 3cc2374112
commit af4ddc5081
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=392456
2 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
databases/mysql56-client/Makefile
View file

@ -2,14 +2,14 @@
# $FreeBSD$ # $FreeBSD$
PORTNAME= mysql PORTNAME= mysql
PORTREVISION= 1 PORTREVISION= 2
PKGNAMESUFFIX= 56-client PKGNAMESUFFIX= 56-client
COMMENT= Multithreaded SQL database (client) COMMENT= Multithreaded SQL database (client)
MASTERDIR= ${.CURDIR}/../mysql56-server MASTERDIR= ${.CURDIR}/../mysql56-server
PKGMESSAGE= mustnotexist PKGMESSAGE= ${.CURDIR}/pkg-message
PATCHDIR= ${.CURDIR}/files PATCHDIR= ${.CURDIR}/files
PLIST= ${.CURDIR}/pkg-plist PLIST= ${.CURDIR}/pkg-plist

15
databases/mysql56-client/pkg-message Normal file
View file

@ -0,0 +1,15 @@
* * * * * * * * * * * * * * * * * * * * * * * *
Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:
http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.
* * * * * * * * * * * * * * * * * * * * * * * *