Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Jul 2015 21:36:55 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r392462 - branches/2015Q3/databases/mysql55-client
Message-ID:  <201507182136.t6ILatlm087956@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: feld
Date: Sat Jul 18 21:36:54 2015
New Revision: 392462
URL: https://svnweb.freebsd.org/changeset/ports/392462

Log:
  MFH: r392454
  
  Bump PORTREVISION of the client and add pkg-message to warn about
  CVE-2015-3152 which will not get patched
  
  Security:	CVE-2015-3152
  Security:	36bd352d-299b-11e5-86ff-14dae9d210b8
  Approved by:	ports-secteam (with hat)

Added:
  branches/2015Q3/databases/mysql55-client/pkg-message
     - copied unchanged from r392454, head/databases/mysql55-client/pkg-message
Modified:
  branches/2015Q3/databases/mysql55-client/Makefile
Directory Properties:
  branches/2015Q3/   (props changed)

Modified: branches/2015Q3/databases/mysql55-client/Makefile
==============================================================================
--- branches/2015Q3/databases/mysql55-client/Makefile	Sat Jul 18 21:35:43 2015	(r392461)
+++ branches/2015Q3/databases/mysql55-client/Makefile	Sat Jul 18 21:36:54 2015	(r392462)
@@ -2,6 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mysql
+PORTREVISION=	1
 PKGNAMESUFFIX=	55-client
 
 COMMENT=	Multithreaded SQL database (client)

Copied: branches/2015Q3/databases/mysql55-client/pkg-message (from r392454, head/databases/mysql55-client/pkg-message)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/databases/mysql55-client/pkg-message	Sat Jul 18 21:36:54 2015	(r392462, copy of r392454, head/databases/mysql55-client/pkg-message)
@@ -0,0 +1,15 @@
+* * * * * * * * * * * * * * * * * * * * * * * *
+
+Please be aware the database client is vulnerable
+to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
+You may find more information at the following URL:
+
+http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
+
+Although this database client is not listed as
+"affected", it is vulnerable and will not be 
+receiving a patch. Please take note of this when
+deploying this software.
+
+* * * * * * * * * * * * * * * * * * * * * * * *
+

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507182136.t6ILatlm087956>