Error in vulnerability database, causing mysql80-server to be marked vulnerable.

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Robert Backhaus <robbak_at_gmail.com>
Date: Sat, 03 Aug 2024 04:59:13 UTC

I have sent this message to ports-secteam@, but I have not received a
response, and the error hasn't been fixed. There is an error in
vuln/2024.xml, resulting in databases/mysql80-server being incorrectly
marked vulnerable. It also may be leading to databases/mysql81-server
before version 8.1.1 not being marked vulnerable as they should be.

The error is to be with ID 3b018063-4358-11ef-b611-84a93843eb75. The
entry for mysql81-server has been incorrectly entered as
mysql80-server - leading to mysql80-server being marked vulnerable
because the version will always be less than version 8.1.1.

It also leaves the record with duplicate mysql80-server entries, which
could also cause issues.

Required patch -

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index cdd182d0423f..05c3bd25a415 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -273,7 +273,7 @@
  <range><lt>8.1.1</lt></range>
       </package>
       <package>
- <name>mysql80-server</name>
+ <name>mysql81-server</name>
  <range><lt>8.1.1</lt></range>
       </package>
       <package>


See https://www.vuxml.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html