From nobody Sat Nov 13 09:39:01 2021 X-Original-To: freebsd-pkg@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id AF2DB1840405 for ; Sat, 13 Nov 2021 09:39:08 +0000 (UTC) (envelope-from bsdpkg@cloudzeeland.nl) Received: from poseidon.cloudzeeland.nl (poseidon.cloudzeeland.nl [82.176.127.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "cloudzeeland.nl", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hrr4q6TSFz4cPq for ; Sat, 13 Nov 2021 09:39:07 +0000 (UTC) (envelope-from bsdpkg@cloudzeeland.nl) Received: from poseidon.cloudzeeland.nl (unknown [10.10.10.36]) by poseidon.cloudzeeland.nl (Postfix) with ESMTP id 87B964026A for ; Sat, 13 Nov 2021 10:39:00 +0100 (CET) Received: from [10.10.10.34] (poseidon.cloudzeeland.nl [82.176.127.71]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by poseidon.cloudzeeland.nl (Postfix) with ESMTPSA id 6CAA8401E8 for ; Sat, 13 Nov 2021 10:39:00 +0100 (CET) Message-ID: <3e452727-1933-7cf9-99af-2e4a821e1206@cloudzeeland.nl> Date: Sat, 13 Nov 2021 10:39:01 +0100 List-Id: Binary package management and package tools discussion List-Archive: https://lists.freebsd.org/archives/freebsd-pkg List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkg@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 To: freebsd-pkg@freebsd.org From: Tilly Subject: mysql80-server-8.0.26_1 is vulnerable Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-Rspamd-Queue-Id: 4Hrr4q6TSFz4cPq X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bsdpkg@cloudzeeland.nl designates 82.176.127.71 as permitted sender) smtp.mailfrom=bsdpkg@cloudzeeland.nl X-Spamd-Result: default: False [-1.31 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pkg@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[cloudzeeland.nl]; NEURAL_SPAM_SHORT(0.99)[0.990]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:15542, ipnet:82.176.0.0/16, country:NL]; RCVD_TLS_LAST(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Dear team(s), Perhaps I missed something here, but for some weeks I get these messages about the latest packages we are running with. As far as I can check, their port(s) have been updated. Can you pls check and let us know how to solve? Detecting package vulnerabilities vulnxml file up-to-date mysql80-server-8.0.26_1 is vulnerable: MySQL -- Multiple vulnerabilities CVE: CVE-2021-35618 CVE: CVE-2021-35623 CVE: CVE-2021-35625 CVE: CVE-2021-35633 CVE: CVE-2021-35640 CVE: CVE-2021-35613 CVE: CVE-2021-35584 CVE: CVE-2021-35632 CVE: CVE-2021-35639 CVE: CVE-2021-35624 CVE: CVE-2021-35622 CVE: CVE-2021-35546 CVE: CVE-2021-35637 CVE: CVE-2021-35630 CVE: CVE-2021-35647 CVE: CVE-2021-35646 CVE: CVE-2021-35645 CVE: CVE-2021-35644 CVE: CVE-2021-35643 CVE: CVE-2021-35642 CVE: CVE-2021-35641 CVE: CVE-2021-35638 CVE: CVE-2021-35636 CVE: CVE-2021-35635 CVE: CVE-2021-35634 CVE: CVE-2021-35575 CVE: CVE-2021-35629 CVE: CVE-2021-35628 CVE: CVE-2021-35627 CVE: CVE-2021-35626 CVE: CVE-2021-35631 CVE: CVE-2021-35648 CVE: CVE-2021-35596 CVE: CVE-2021-35591 CVE: CVE-2021-35537 CVE: CVE-2021-2479 CVE: CVE-2021-2478 CVE: CVE-2021-35577 CVE: CVE-2021-35602 CVE: CVE-2021-35608 CVE: CVE-2021-35612 CVE: CVE-2021-35604 CVE: CVE-2021-2471 CVE: CVE-2021-35621 CVE: CVE-2021-35598 CVE: CVE-2021-35594 CVE: CVE-2021-35593 CVE: CVE-2021-35592 CVE: CVE-2021-35590 CVE: CVE-2021-2481 CVE: CVE-2021-35607 CVE: CVE-2021-35597 CVE: CVE-2021-35610 CVE: CVE-2021-35583 CVE: CVE-2021-36222 CVE: CVE-2021-22926 CVE: CVE-2021-3711 CVE: CVE-2021-22931 WWW:https://vuxml.FreeBSD.org/freebsd/c9387e4d-2f5f-11ec-8be6-d4c9ef517024.html Packages that depend on mysql80-server: mysql80-client-8.0.26_1 is vulnerable: MySQL -- Multiple vulnerabilities CVE: CVE-2021-35618 CVE: CVE-2021-35623 CVE: CVE-2021-35625 CVE: CVE-2021-35633 CVE: CVE-2021-35640 CVE: CVE-2021-35613 CVE: CVE-2021-35584 CVE: CVE-2021-35632 CVE: CVE-2021-35639 CVE: CVE-2021-35624 CVE: CVE-2021-35622 CVE: CVE-2021-35546 CVE: CVE-2021-35637 CVE: CVE-2021-35630 CVE: CVE-2021-35647 CVE: CVE-2021-35646 CVE: CVE-2021-35645 CVE: CVE-2021-35644 CVE: CVE-2021-35643 CVE: CVE-2021-35642 CVE: CVE-2021-35641 CVE: CVE-2021-35638 CVE: CVE-2021-35636 CVE: CVE-2021-35635 CVE: CVE-2021-35634 CVE: CVE-2021-35575 CVE: CVE-2021-35629 CVE: CVE-2021-35628 CVE: CVE-2021-35627 CVE: CVE-2021-35626 CVE: CVE-2021-35631 CVE: CVE-2021-35648 CVE: CVE-2021-35596 CVE: CVE-2021-35591 CVE: CVE-2021-35537 CVE: CVE-2021-2479 CVE: CVE-2021-2478 CVE: CVE-2021-35577 CVE: CVE-2021-35602 CVE: CVE-2021-35608 CVE: CVE-2021-35612 CVE: CVE-2021-35604 CVE: CVE-2021-2471 CVE: CVE-2021-35621 CVE: CVE-2021-35598 CVE: CVE-2021-35594 CVE: CVE-2021-35593 CVE: CVE-2021-35592 CVE: CVE-2021-35590 CVE: CVE-2021-2481 CVE: CVE-2021-35607 CVE: CVE-2021-35597 CVE: CVE-2021-35610 CVE: CVE-2021-35583 CVE: CVE-2021-36222 CVE: CVE-2021-22926 CVE: CVE-2021-3711 CVE: CVE-2021-22931 WWW:https://vuxml.FreeBSD.org/freebsd/c9387e4d-2f5f-11ec-8be6-d4c9ef517024.html Packages that depend on mysql80-client: 2 problem(s) in 2 installed package(s) found. --- end of text --- Thanks, Jos Chrispijn