oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: MySQL: MyISAM temporary file issue

From: Tomas Hoger <thoger () redhat com>
Date: Thu, 11 Sep 2014 15:53:03 +0200
On Thu, 11 Sep 2014 10:22:13 +0200 Sven Kieske wrote:


On 10/09/14 18:00, Salvatore Bonaccorso wrote:


MyISAM temporary files could be used to mount a code-execution
attack. (Bug #18045646).


Funny enough, when you search for this bug on bugs.mysql.com you get:

http://bugs.mysql.com/bug.php?id=18045646

"No such bug #18045646 or bug is referenced in the Oracle bug system."

Is this marked as private or something like that? Even if it's public
now?


Too many digits for bugs.mysql.com bug ids, those tends to have no more
than 5 digits.  As the error message you got suggests - it's likely an
id in some internal bug tracking system.  Don't expect it to be useful
for anything else than matching release notes entry to bzr commit.

Also note that security fixes are not mentioned in release notes for
some time - inclusion of this one is likely an omission rather than
intention.

-- 
Tomas Hoger / Red Hat Product Security
Previous By Date Next
Previous By Thread Next

Current thread: