Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/02/2012 07:46 PM, Steven M. Christey wrote:
> (removed the full-disclosure/bugtraq mailing lists, they don't need
> to be further spammed with minor CVE assignment details.)
>
>
> On Sun, 2 Dec 2012, Sergei Golubchik wrote:
>
> > Hi, Huzaifa!
> >
> > Here's the vendor's reply:
> >
> > On Dec 02, Huzaifa Sidhpurwala wrote:
> > > * CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC
> > > Zeroday http://seclists.org/fulldisclosure/2012/Dec/4 
> > > https://bugzilla.redhat.com/show_bug.cgi?id=882599
> >
> > A duplicate of CVE-2012-5579 Already fixed in all stable MariaDB
> > version.
>
> Kurt - I suggest we REJECT CVE-2012-5579 and preserve
> CVE-2012-5611 because of the strong likelihood that CVE-2012-5611
> will be more commonly referenced in the very near future.

Sounds good to me

Please REJECT CVE-2012-5579 for this issue, instead please use
CVE-2012-5611 for this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQvCczAAoJEBYNRVNeJnmTqH4P/3p3KwQhtxygikZTA9OiJsNi
28qG8CHFzxGB8pTrHfxNdHRzHi4IBjniIQUwJOcJKMQFhlIJRCTdgvw8pBGMROOK
Hy5EVCm0r+oWFt5SDNBEZ8blRoUiSwXxgDPB7Vv1ZsuSy2EbGDxXN1W+febjGhXA
klTg1r+PaxBEaU8n+mzvBc2vYnhCKY4x0Apu46VQt4k82K5KoXTYwSVJIfWmE4FB
53I6tiFZRoICCqjBlDGbha/V0YfwG7ehtPb7Tgq+3Wd9tC8kO8pG2eKcpEzYWXlL
kK02GadWEMdBxmhxkw7yxEYXnpE/fqiIgHjXR1fydlB+3dqs1yNvhbi/x5lMUsgJ
8y422iJyH+QOI6rKcZm2AEZEkEj+/DOtZ2v6VW4vS6EZGNQ5x6VgN/T9cG0kEFgx
pKe/n3EwC3FLkqFEtU5firwfmI+zNuFrYfst+36FLpPCVEV5Ulm7Dqge9zMPxS3g
uvP3vxJxkzFkWY1zShQf1cVpXKZPYjzvmGQKhIv4/00e5XqR/BpY7Zb08qNVngD0
CayQlMM6LX9T2eufouND7/mvmmC/njennqFXG+GM6pz9AFa8ouO/P6vJ/+Rsd6Kv
+/tDHl7DIpgzwarnNpCN6TMAmGwsL6FS+GSLwDnSIjmqy3XR8hLdmoHqqfiXXKRx
3ShgRXR8r1VZ24UKd6pP
=cozl
-----END PGP SIGNATURE-----