Date: Fri, 17 Jul 2015 11:56:08 +0200 From: Alex Dupre <ale@FreeBSD.org> To: Erwin Lansing <erwin@FreeBSD.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r392140 - head/databases/mysql56-server Message-ID: <55A8D138.2050901@FreeBSD.org> In-Reply-To: <20150717081711.GS63119@droso.dk> References: <201507151349.t6FDn5Sf079974@svnmir.geo.freebsd.org> <20150717081711.GS63119@droso.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Erwin Lansing wrote: >> URL: https://svnweb.freebsd.org/changeset/ports/392140 >> >> Log: >> Update to 5.6.25 release. > > Does this by any change fix this vulnerability? No, probably they are not going to fix this "vulnerability" because, even if it wasn't a great security choice and in fact it changed in mysql 5.7, it was the intended and documented behavior: > For MySQL client programs, this option permits but does not require the client to connect to the server using SSL. Therefore, this option is not sufficient in itself to cause an SSL connection to be used. For example, if you specify this option for a client program but the server has not been configured to enable SSL connections, the client falls back to an unencrypted connection. -- Alex Dupre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55A8D138.2050901>