[ubuntu-hardened] Question fix version of several MySQL CVEs

Marc Deslauriers marc.deslauriers at canonical.com
Tue Mar 7 12:25:47 UTC 2023


Hi,

On 2023-03-07 04:36, Christian Dupuis wrote:
> Hey, one of our customers is reporting some CVE false positives for the mysql-8.0 package on Ubuntu 20.04.
> 
> The CVEs in question have a fix version of 8.0.32-0buntu0.20.04.1 (notice the missing ‘u’ in ‘buntu’) which seems incorrect.
> 
> One of the CVEs is at https://ubuntu.com/security/CVE-2023-21881. What would be the procedure to get these fixed?
> 
> The following CVEs all have a similar fix version:
> 
> "CVE-2023-21863"
> "CVE-2023-21877"
> "CVE-2023-21880"
> "CVE-2023-21876"
> "CVE-2023-21873"
> "CVE-2023-21869"
> "CVE-2023-21887"
> "CVE-2023-21879"
> "CVE-2023-21878"
> "CVE-2023-21836"
> "CVE-2023-21868"
> "CVE-2023-21871"
> "CVE-2023-21867"
> "CVE-2023-21870"
> "CVE-2023-21883"
> "CVE-2023-21882"
> "CVE-2023-21875"
> "CVE-2023-21881"
> 
> Regards,
> 
> Christian Dupuis
> Docker

We did release a series of updates with "ubuntu" mistyped as "buntu" in the 
version string by mistake, so the version there is accurate.

https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1

Marc.



