oss-sec mailing list archives
Re: MySQL 0-day - does it need a CVE?
From: Solar Designer <solar () openwall com>
Date: Sat, 11 Feb 2012 12:50:47 +0400
On Fri, Feb 10, 2012 at 12:36:46AM +0400, Solar Designer wrote:
The table at the bottom of: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but little other info.
Here's a more direct link: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixMSQL (e.g. for referring to in distro advisories). News story summarizing the problem (in Russian, sorry): http://www.opennet.ru/opennews/art.shtml?num=33051 It also mentions that Oracle Linux merely reuses RHEL's updates to MySQL without any reference to Oracle's own MySQL vulnerability/fix info. So it is not even clear whether Oracle Linux has these 27 bugs in MySQL fixed or not, despite of MySQL being an Oracle product. Alexander
Current thread:
- MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
- Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
- Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 11)
- Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 24)
- Re: MySQL 0-day - does it need a CVE? Larry Stefonic (Feb 24)