User:Ajak/Security Notes

I do a bit of security bug wrangling for Gentoo. Here are some quirks with upstreams, and other related things, that I think would be useful to document. For most of the software mentioned here, release announcement mailing lists and other announcement methods can be found on Sam's release announcement page.

Oracle CPU Advisories
Oracle provides quarterly Critical Patch Updates (CPUs) for their software. The advisories for these announce vulnerabilities discovered in their software (example). Gentoo carries several of these packages, including several forks of them, which are generally affected by the same vulnerabilities. They will need bugs filed if affected by any announced vulnerabilities:

Java
We don't have dev-java/oracle-{jre,jdk}-bin themselves in tree anymore (bug 732630, bug 717638), but we still have dev-java/icedtea{,-bin} and dev-java/openjdk{,-jre-bin,-bin}.

VirtualBox
No surprises here: app-emulation/virtualbox.

MySQL
Not only can there be vulnerabilities in dev-db/mysql itself, but also sometimes dev-db/mysql-cluster and dev-db/mysql-connector-c{,++}.

It has a couple of forks, which have their own associated software too: dev-db/percona-server, dev-db/mariadb{,-connector-c}.