oss-sec mailing list archives

Re: CVE request for mysql bug #22413

From: Jonathan Smith <smithj () freethemallocs com>
Date: Thu, 21 Feb 2008 12:58:12 -0900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jamie Strandboge wrote:
| We have a bug report open to fix http://bugs.mysql.com/bug.php?id=22413.
| This is a DoS via a 'EXPLAIN SELECT FROM view with ORDER BY' statement
| and is fixed in 5.0.32. Can a CVE be assigned for this?

You'll probably want to CC Steve on such emails... I don't think he's
actually subscribed to the list (Steve, feel free to correct me if I'm
wrong here... I assumed it would be the same as vendor-sec).

        smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAke98/QACgkQCG91qXPaRenoGACfZ4TgQfKSlucFbhhXXlT9VXed
htkAoILmvZ9mIIPg+OCoJ6qsuJahJfWq
=zGvc
-----END PGP SIGNATURE-----

Current thread:

CVE request for mysql bug #22413 Jamie Strandboge (Feb 21)
- Re: CVE request for mysql bug #22413 Jonathan Smith (Feb 21)
  - Re: CVE Help (CVE request for mysql bug #22413) Josh Bressers (Feb 21)
    - Re: CVE Help Solar Designer (Feb 22)
    - Re: CVE Help (CVE request for mysql bug #22413) Steven M. Christey (Feb 25)
  - Re: CVE request for mysql bug #22413 Steven M. Christey (Feb 26)