From 7fad4236ba78ec27e72cdb4b48844d27bd8f81bc Mon Sep 17 00:00:00 2001
From: Jean-Marie RENOUARD
Date: Wed, 22 Mar 2023 16:34:10 +0100
Subject: [PATCH] Updates CVS and docs
---
mysqltuner.pl | 10 +++++-----
vulnerabilities.csv | 3 ++-
2 files changed, 7 insertions(+), 6 deletions(-)
mode change 100644 => 100755 vulnerabilities.csv
diff --git a/mysqltuner.pl b/mysqltuner.pl
index 5453e37..a9f1741 100644
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@@ -212,7 +212,7 @@ if ( $opt{verbose} ) { $opt{nocolor} = 1 if defined( $opt{outputfile} ); $opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't print table information $opt{colstat} = 0 if ( $opt{nocolstat} == 1 ); # Don't print column information -$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't print database information +$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't print database information $opt{noprocess} = 0 if ( $opt{noprocess} == 1 ); # Don't print process information $opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't print sysstat information
@@ -1309,8 +1309,8 @@ sub get_all_vars { my @lineitems = (); foreach my $line (@mysqlslaves) { debugprint "L: $line "; - @lineitems = split /\s+/, $line; - $myslaves{ $lineitems[0] } = $line; + @lineitems = split /\s+/, $line; + $myslaves{ $lineitems[0] } = $line; $result{'Replication'}{'Slaves'}{ $lineitems[0] } = $lineitems[4]; } }
@@ -1461,7 +1461,7 @@ sub log_file_recommendations { $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i and $logLi !~ /Logging to/; - $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; + $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; $nbWarnLog++ if $logLi =~ /warning/i; push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i;
@@ -2225,7 +2225,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) {
diff --git a/vulnerabilities.csv b/vulnerabilities.csv
old mode 100644
new mode 100755
index af3f14b..7856593
--- a/vulnerabilities.csv
+++ b/vulnerabilities.csv
@@ -1713,7 +1713,8 @@ 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC | URL:http://www.openwall.com/lists/oss-security/2022/09/22/5 | MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1 | URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";"" -1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J; an authenticated attacker could read arbitrary local file by connecting a rogue mysql server; By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore; the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. 
We recommend users upgrade the version of Linkis to version 1.3";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" +1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" +1.3.1;1;3;1;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" 3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. 
As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB | URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";"" 10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" 10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";""
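Review bot: The added `1.3.1;1;3;1;CVE-2022-44644` row lists the fixed release as an affected version, although its own description says versions `<= 1.3.0` are affected and recommends upgrading to 1.3.1. If mysqltuner.pl compares the server version against the first four columns (the consumer is not visible in this hunk), this row only widens the match range, so I would drop it and keep the corrected `1.3.0` row. This CVE also describes Apache Linkis rather than MySQL Server, like the neighbouring InLong and Jena SDB rows, so a version match on these rows says nothing about the database being audited; filtering by product when the list is regenerated would cut false positives. Separately, the commit changes this data file from mode 100644 to 100755; a CSV does not need the executable bit, and `git update-index --chmod=-x vulnerabilities.csv` restores it.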