oss-sec mailing list archives
Re: CVE Request: MySQL: MyISAM temporary file issue
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 12 Sep 2014 11:13:25 +0200
On Thu, 11 Sep 2014 12:36:00 -0700 Ritwik Ghoshal wrote:
On 9/11/2014 1:28 AM, Sven Kieske wrote:On 10/09/14 18:00, Salvatore Bonaccorso wrote:The changes for MySQL 5.5.39[1] and 5.6.20[2] contain a reference to the following issue, which could be exploited by a local user to run arbitrary code in context of the mysqld server.While I'm investigating this: Does someone happen to know in which version this vuln got introduced?A complete list of all affected-supported MySQL releases will be published via Oracle's quarterly Critical Patch Update(CPU) advisory. More information about our CPU program is available at - http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Is CPU actually going to include the information Sven asked for? Such information was on included in past CPUs - they only mention the last affected version in supported branch. So in case of this flaw, it's most likely only going to say: Supported Versions Affected: 5.5.38 and earlier, 5.6.19 and earlier That will not answer the original question, or provide more information than what's already available. I mean it's reasonable to admit the info about the first affected version is not readily available and won't be looked for, just noting that CPU is very unlikely to provide that information. -- Tomas Hoger / Red Hat Product Security
Current thread:
- Re: CVE Request: MySQL: MyISAM temporary file issue, (continued)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Loganaden Velvindron (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)